Saturday, January 23, 2016

Remote access to the car or practical aspects of the ELM 327 security

What would you say if I told you that many car owners grant open remote wireless access to their cars? Moreover, many of them are available on a 24/7 basis. You would probably tell me that it's impossible, or you might think I discovered a new security bug in new cars with built-in WiFi or Bluetooth... Nope! I'm talking about your 5-7-10 year old cars! How come?

Many of you probably know about the OBD-II connector installed in your car.

It is used for diagnostics, but also for clearing car error codes or even for car firmware upgrades. It is a nice and quite useful interface that gives you access to the CAN bus and is widely used by car owners to check their cars.
Currently the cheapest ($10, thanks to our Chinese friends) and widely used adapters are based on the ELM 327 chip plus, guess what, a Bluetooth or even WiFi interface.


Sure thing, they definitely need a wireless interface so you can do car diagnostics using your smartphone or tablet :-)
To collect more data and to simplify life (finding the port and connecting the device while sitting in the driver's seat is definitely a gymnastic trick :-) ) many car owners just leave the device always connected!
Not only connected but, in most cases (depending on the adapter version), always powered ON.

So, we have a wireless adapter always connected to your car and using, as its security measure, ..... a default unchangeable PIN (1234 for Bluetooth and 12345678 for WiFi). What a gift!

What can you do knowing all of the above? Scan for Bluetooth or WiFi devices broadcasting an OBD II name and...

Have a Good Hack  Luck and stay secure!

PS.

Useful links related to CAN bus security: