What would you say if I tell you that many car owners grant open remote wireless access to their cars? More over many of them available on the 4/7 basis.. You probably would tell me that it's impossible or might think I discovered new security bug in the new cars with built-in WiFi or Bluetooth... Nope! I'm taking about yours 5-7-10 years old cars! How come?
Many of you probably know about OBD-II connector installed in your car.
It is used for diagnostic, but at the same time for cleaning car error codes or even for car firmware upgrade. Nice and quite useful interface that give you access to the CAN bus and widely used by a car owners to check their cars.
Currently cheapest 10$ (thanks to our Chinese friends) and widely used adapters are based on ELM 327 chip plus, guess what, Bluetooth or even WiFi interface.
Sure things they definitely need wireless interface so you can do car diagnostic using you smartphone or tablet :-)
To collect more data and to simplify life (finding the port and connecting device while sitting in a car on driver's seat is definitely a gymnastic trick :-) ) many car owners just leave the device always connected!
Not only connected but in the most cases (based on the adapter version ) always powered ON.
So, we have wireless adapter always connected to you car and using as security measure ..... default unchangeable PIN (1234 for Bluetooth and 12345678 for WiFi). What a gift!
What you can do knowing all above? Scan for Bluetooth of WiFi devices broadcasting OBD II name and...
Many of you probably know about OBD-II connector installed in your car.
It is used for diagnostic, but at the same time for cleaning car error codes or even for car firmware upgrade. Nice and quite useful interface that give you access to the CAN bus and widely used by a car owners to check their cars.
Currently cheapest 10$ (thanks to our Chinese friends) and widely used adapters are based on ELM 327 chip plus, guess what, Bluetooth or even WiFi interface.
Sure things they definitely need wireless interface so you can do car diagnostic using you smartphone or tablet :-)
To collect more data and to simplify life (finding the port and connecting device while sitting in a car on driver's seat is definitely a gymnastic trick :-) ) many car owners just leave the device always connected!
Not only connected but in the most cases (based on the adapter version ) always powered ON.
So, we have wireless adapter always connected to you car and using as security measure ..... default unchangeable PIN (1234 for Bluetooth and 12345678 for WiFi). What a gift!
What you can do knowing all above? Scan for Bluetooth of WiFi devices broadcasting OBD II name and...
- diagnose a car :-))
- get access to the CAN bus or hack the CAN bus
- control the car or even autopilot it.
Have a Good Hack Luck and stay secure!
PS.
Useful links related to CAN bus security:
- Comprehensive Experimental Analyses of Automotive Attack Surfaces
- Hopping On the CAN Bus. Automotive Security and the CANard Toolkit. Eric EvenchickBlack Hat Asia 2015
- canbushack: Hack Your Car
- Adventures in Automotive Networks and Control Units
- DEFCON-21-Illera-Vidal-Dude-WTF-in-My-Car-Updated
- Car Hacking Really Is For Dummies With This Sexy (And Free) Software
- How to Hack Your Mini Cooper:Reverse Engineering CAN Message on Passenger Automobiles