Car Hacker's Handbook (2016) (opengarages.org)
337 points by rbanffy on Feb 7, 2018 | hide | past | favorite | 72 comments



I would love it if somebody would make a guide to create a "privacy car": disabling OnStar, shutting off all telematics that manufacturers put into the navigation and infotainment systems, changing or disabling the serial numbers in the tire-pressure monitoring system, and similar things. I imagine that this would need to be model-specific, but I'm amenable to choosing a new car based on the availability of a privacy hack, the same as developers who choose their computers/phones/routers based on availability of firmware replacement and known jailbreaks.


I agree that would be cool, although with 2018+ cars this is going to get very difficult. Manufacturers are starting to encrypt bus traffic and add firewalls that will prevent unauthorized communication between certain ECUs and from the J1962 connector (aka "OBDII Port").

I work for an auto supplier that supplies vehicle communication software, so I can confirm first hand that some 2018 vehicles currently on sale already have these firewalls:

http://www.bosch-mobility-solutions.com/en/products-and-serv...


Which is to keep the evil hackers out, but has the additional benefit that they can have a captive market for a $100 part that would normally be $1. The aftermarket suppliers are locked out of the market because they don't have the private keys to handshake on the bus.

(happily keeping my late 90's car running, although my most recent car literally has gone 100k miles with _NOTHING_ but oil, tires and brake pads). It's now at its first service interval and I'm wondering if I should just trade it in before anything breaks.


I'd keep it until the wheels fell off. I had a '91 Nissan that had very few problems, unlike my '13 VW TDI. I'm not excited about the future of automobiles for people that like driving and repairing their own vehicles. With countries legislating gas burning vehicles it's likely to increase the production of electric vehicles and most likely self driving vehicles. Which is great if you want to live a couple hours away and sleep on the way in to work. But imagine the vehicle malfunctioning for something like a simple cold start issue that can be resolved with a can of starter fluid. A quick trip to the part store turns into a month in the service center. Not excited at all.


> The aftermarket suppliers are locked out of the market because they don't have the private keys to handshake on the bus.

That is a potential problem, especially for "hacker" type suppliers (offering performance components for example). That said, the manufacturer I work with sells their diagnostic tool to the aftermarket, so at least aftermarket garages can get access for repairs.


Something which is already being seen in the farming market: https://motherboard.vice.com/en_us/article/xykkkd/why-americ...


Yes, the John Deere situation will likely drive change in the automotive world too. There is already a pretty strong "right to repair" law in MA, and it will likely inform the laws that are written in other states or maybe even at a federal level. All automakers have to conform to the MA law already, but I'm not sure if that law applies to farming/John Deere as well.


I'm working at a major auto manufacturer so I can confirm that devices like this are introduced.


Privacy Car = classic car. Or even just a bit older car. If it's from the 90s and before it probably won't be able to track you. Of course, it will probably be less safe in a crash too.


How many cars that are not GM with their on star system & tesla have remote access? That cell phone SIM plan costs some money.


My 2018 VW has "car-net" I believe, which is the same thing. Built in button on the roof panel that calls someone instantly.


car calls the cloud, the clouds are in the sky, sky-net


That's a good point. You can definitely choose cars that are both more recent than 20 years old and do not have tracking. I have a car from 2011 and I didn't even feel the need to consider tracking when I got it 4 years ago.


My neighbor has a small parking lot in his backyard with 10 old cars. Everyone calls it "junk yard" because all his cars are old with chipping paint, dusty windshields, etc. The ironic part is that most of those cars have such basic electronics that if an EMP hits us, he is the only one comfortably driving off on four wheels. Everyone else will need bicycles, horses, or will plain walk.


There may not be a guide, but I would think general rules are to avoid OnStar, navigation systems, cellular-to-WiFi, etc. I heard about the TPMS/RFID stuff. It seems like there is so much we just can't find out without manufacturers telling their secrets or tearing down our cars.

Also, one thing I really want to know is what happens to all the data from frontal collision warning systems, rear view cameras, etc.

I wish there was in-depth information about what manufacturers do. I found an article but it is light on details.[1]

[1] https://www.washingtonpost.com/news/innovations/wp/2018/01/1...


Step 1. Buy an old car.

On a similar note...

Eventually some genius consultant for an automaker will earn a handsome bonus for introducing the idea of a secure car: one with no network or wireless functionality whatsoever.


I would love it if I didn't have to click Accept on the touch-screen in my car every time I start it up. I shouldn't have to accept the terms and conditions every time - I already have agreed to abide by local laws - it's my driving license.

Anybody know if it's possible to get into these systems and do a bit of tinkering? I guess my question is more: as someone who isn't really prepared to spend weeks looking for buffer overrun exploits, is there usually a quick ("mechanic's view") backdoor to these things that's accessible with a bit of cunning?


> have to click Accept on the touch-screen in my car every time I start it up

Wow, that's just horrible. Even Windows doesn't make you accept Terms and Conditions every time you reboot. May I ask what car you have?


Maserati Ghibli (2017) - the parent company is Fiat/Chrysler and they seem to have a re-skinned Chrysler infotainment system. Which isn't too bad once you get past the annoying warning. It doesn't stop me driving, just stops quick access to things you want to set when you get in the car.


Not OP but newer Mazdas do this as well. It's a small thing, but it becomes incredibly irritating after a while.


All the recent Kia models I have driven and a recent model Toyota Corolla.


My Boxster does the same thing, which is indeed annoying, but at least it doesn't disable any functions while driving. That would be infuriating.

One thing that helps in my case is to double-click the MAP button instead of pressing it only once. The first keypress has the effect of accepting the nag screen, while the second pulls up the map. Sounds like you get the message even when you aren't using the nav system, though, so that probably won't help.

If I were any more annoyed about the nag screen than I already am, I'd bodge in a small microcontroller to double-click the MAP button whenever the car is started. (I already had to add one to force it to remember Sport mode across drive cycles.) That would have the significant advantage of working without digging into the touchscreen logic. So if the Ghibli has a physical button somewhere that has the same effect as clicking "OK," that's probably your best option.


The Toyota Prius has this problem. There was another problem: you couldn't set a mapping address while it was driving (even if you were the passenger). The soln was some kind of inline clip that cut the wire conceptually that was telling the mapping system the car was moving.


Yeah - my Audi isn't perfect, but it at least errs on the side of "well, you're an adult".

Driving along and start to enter navigation info? "You should only enter information when safe." "OK". And it continues to let you. Doesn't block or disable (my Toyota a few years back would require you to agree to GPS map accuracy warning every time, and then disable input if the vehicle was above 3mph...).


If you go into settings, you can turn off that feature and make it auto-accept every time on startup. No hacking needed.


Not found that setting on my car unfortunately.


I'll stop complaining that I can't use half the functions of mine while "driving" which means anything but parked.


More than likely you can get your car "coded" which lets you customize little things like that.


What car does that?


I have a Kia Soul that does that exact same thing.


This is a great primer on car hacking, but in my opinion it focuses a lot on the "physical layer". My bet would be that the future is going to be based in things like what Comma.ai is building upon what the book describes.


Wait. People keep mentioning Comma.AI. Didn't they die, after failing to go all Uber on transportation safety, followed by the founder throwing a tantrum?


I also thought they were going to die but they kept on and have been contributing a lot to the pool of public knowledge about these things.

In particular, their opendbc repo, the stripped down version of Android and the cabana sniffing tool.


They are still around developing electronics or products for specific models of autos. Is their goal to provide a low-end device that will do automatic driving (at what level)? https://comma.ai/ Edit: spelling


it looks like they're targeting the hobbyist market -- the couple hundred people worldwide who want to roll their own self-driving car.


I thought they had just moved their ops to China because there were less regulations?


If you think we are dead you clearly don't follow us on Twitter.

https://twitter.com/comma_ai


Glad to see you guys are still kicking, I have a friend that follows you and says you're doing really cool work.


Go non profit and create an "open source vehicle" certification and lobby in local communities to ban autonomous driving of cars in their communities unless they have the cert.


> the future is going to be based in things like what Comma.ai is building upon what the book describes.

As a native English speaker I'm not sure I understand what you've said there.


Yeah that's a pretty nested sentence:

> (The future) (is going to be) (based in (things like (what (Comma.ai) (is building upon) (what (the book) (describes)))))

I interpreted it to mean:

> The future will have many products similar to those made by the company Comma.ai. Comma.ai creates technology on top of the hardware described by this book.


It's so badly nested that even with parentheses it's hard to follow. Here's a version with indentation, which is marginally better. (This sort of thing is what the concept of cyclomatic complexity was invented to prevent.)

  (The future)
  (is going to be)
  (based in
    (things like
      (what
        (Comma.ai)
        (is building upon)
        (what
          (the book)
          (describes)
        )
      )
    )
  )


I'm not a native English speaker. Yes, the writing was horrible, sorry for that. I could do better.


I am also a non-native English speaker (I am Greek) but I immediately understood your sentence. I didn't even have to think about it! So don't feel bad!


Can anyone recommend a particular maker and/or model which are, from their own experience, hackable in the sense of the book?


Ford Fusion Titanium Plus 2017, better if you get the Hybrid version. (This one I own)

Chevy Bolt/Volt. (This would be my first choice if I lived in the US)

Toyota Prius. (This would be my second choice if I lived in the US)

Honda Civic. (This one has a lot of information out there thanks to Comma AI)


I have gotten read only CAN data from a 2006 Toyota Prius.

I used TUCRRC CAN IDs to map the output. [1] The interface board was an early Macchina, Arduino 256 with CAN hat and 12V power on board. [2]

[1] http://tucrrc.utulsa.edu/ToyotaCAN.html
[2] https://www.macchina.cc/
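The "map the output with a CAN ID table" step from the comment above, as an added example that is not from the thread or from TUCRRC: it parses candump-style log lines and decodes the payload bytes through a small ID/signal table. The arbitration IDs, byte layouts and scale factors here are constructed placeholders, not the real Toyota definitions (those come from the TUCRRC table or opendbc), and the sample log is constructed too.

```python
"""Decode raw CAN frames from candump-style log lines via an ID/signal table.

Added example. SIGNAL_TABLE and SAMPLE_LOG are CONSTRUCTED placeholders; the real
Prius definitions must be substituted from the TUCRRC table or an opendbc file.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signal:
    name: str
    start_byte: int      # first payload byte of the field
    length: int          # width in bytes, big-endian
    scale: float = 1.0
    offset: float = 0.0
    signed: bool = False


# Constructed mapping: arbitration ID -> signals carried in that frame.
SIGNAL_TABLE = {
    0x0B4: [Signal("vehicle_speed_kph", 5, 2, 0.01)],
    0x3C8: [Signal("battery_current_a", 0, 2, 0.1, 0.0, True),
            Signal("battery_soc_pct", 2, 1, 0.5)],
}

# candump -L format: "(timestamp) iface ID#HEXDATA"
LOG_RE = re.compile(
    r"^\((?P<ts>[\d.]+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$")


def parse_line(line):
    """Return (timestamp, can_id, payload bytes); reject malformed input."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised candump line: {line!r}")
    data = bytes.fromhex(m["data"])
    if len(data) > 8:
        raise ValueError("classic CAN payload exceeds 8 bytes")
    return float(m["ts"]), int(m["id"], 16), data


def decode_frame(can_id, data):
    """Decode one frame; None for IDs not in the table (keep them raw)."""
    sigs = SIGNAL_TABLE.get(can_id)
    if sigs is None:
        return None
    out = {}
    for s in sigs:
        if s.start_byte + s.length > len(data):
            continue  # frame shorter than the table expects: skip the field
        raw = int.from_bytes(data[s.start_byte:s.start_byte + s.length],
                             "big", signed=s.signed)
        out[s.name] = raw * s.scale + s.offset
    return out


def decode_log(lines):
    """Decode every line; return decoded frames and the set of unmapped IDs."""
    decoded, unmapped = [], set()
    for line in lines:
        ts, can_id, data = parse_line(line)
        fields = decode_frame(can_id, data)
        if fields is None:
            unmapped.add(can_id)
        else:
            decoded.append((ts, can_id, fields))
    return decoded, sorted(unmapped)


# Constructed sample log (not a real capture).
SAMPLE_LOG = [
    "(1517990400.000001) can0 0B4#0000000000137100",
    "(1517990400.000002) can0 1C4#00",
    "(1517990400.000003) can0 3C8#FF38640000000000",
]

if __name__ == "__main__":
    frames, unknown = decode_log(SAMPLE_LOG)
    for ts, cid, fields in frames:
        print(f"{ts:.6f} 0x{cid:03X} {fields}")
    print("unmapped IDs:", [hex(i) for i in unknown])
```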


Do you mean you can actually control the brake/steering/acceleration using CANBUS for these models?


Aren't there massive safety concerns with that? I certainly wouldn't want any of those things controlled by an arduino and code I hacked together.


Yes, I agree but I would want to try it for fun, in a controlled environment, open space area.


Any car or truck from the Big 3 with a V8.

Hacking/tuning is market driven. There aren't many people looking to re-tune their Kias for the supercharger or drop modern VW power-trains into old muscle cars.

The more knowledge is out there on how to work with the vehicle's systems in a way other than the OEM intended then the easier it will be.

The computer systems will generally be the same across a manufacturer (e.g. the Focus will be about the same as a Mustang) so a lot of the higher level stuff transfers, but there's a ton of little "gotchas" that will be better documented by the aftermarket on the performance targeted platforms.


Are your choices based on hackability or something else?


The hackability comes with the car doing most of its internal communication via a CAN bus and having enough electrical power to power your custom electronics.

Apart from that, the car needs to have Steering by wire, Gas/Brake by wire and Shift by wire. Lane Keep Assist and Adaptive Cruise Control in those models mean that the car can be ordered to steer or accelerate via the CAN bus without additional actuators.

I have been learning about that topic for about a year and a half and the reason I recommend those specific models is because I have seen autonomous driving companies pick those specific ones without official support from the manufacturer.


Steering by wire --> none of the cars you listed have steer by wire. Nissan is the only OEM who has steer by wire in production. Brake by wire --> does not exist at all.


You are right in the formal sense, none of those cars officially have by-wire functionality, but in order to have LKAS, Park Assist and ACC work they need to support steering via CAN bus messages and braking via CAN bus messages. I used by-wire in an informal sense. Disclaimer: I have never worked in the car industry, that's why my terminology is a bit loose.


ingenieroariel is being humble here. He is one of the first (if not the first) to do this with the Ford Fusion.

https://github.com/commaai/openpilot/issues/1


Work on the Lincoln MKZ / Ford Fusion was made popular thanks to Dataspeed / Autonomoustuff; they open sourced a ROS module but most of their magic is proprietary / secret. It's expensive but a lot of startups use it.

The work that you point to is what we now know "openly", and yeah, there are only a few of us and I am one of the first sharing their findings on that specific model. There are a ton of people who know what we yet don't know but they don't/can't share it publicly.


While no cars have brake by wire, the computer can stop the car using mechanical actuators already (ABS is exactly this, or the more modern emergency braking system). Same with steering: plenty of cars have "parking assist" where they park themselves, so the computer must be able to control the steering even if it's done by mechanical means.


Every car that has a lane assistant or a parking assistant with automatic steering, and there are a number that do support either of those, has some sort of steer by wire. Even the lane assistant is normally designed to give you a force in the steering wheel to keep the lane. That you can reuse for automatic driving of some sort.


Wasn't Mercedes SBC brake-by-wire during normal operation? (They have since abandoned it, but it saw service in production cars in the early 2000s.)


I can’t speak to his rationale, but all of these are relatively affordable vehicles that take advantage of a lot of the newer technologies that tie into the CAN bus. Additionally, they expose interfaces to many of the onboard computers connected via CAN through the DLC connector, and off-the-shelf hardware exists for Toyota and Honda vehicles to expose the rest of the bus through the DLC connector, which is not particularly useful for typical scan tools, but it does allow for comma.io’s panda dongle to dump pretty much all of the information being passed around on the CAN bus.


Not sure if you can still do it but years ago at my first job one of my coworkers (with a BSc and MSc in mech eng) got the full workshop manual for his partner's car so he could work on it.

I assume that he also did that for his Mustang which had been prepped for drag racing (the top class that is legal to drive on the road)


I've purchased (actual) shop manuals for my cars a couple times. The first time was for a Mustang. They are better than the Chilton style manuals but barely. I used to joke that the Mustang manual was the most detailed choose your own adventure guide I'd seen. Because that is what they are for: they are a guide to diagnosing and replacing whatever part/module happens to be malfunctioning. Which is why the first page was something like "Customer is complaining of" followed by a long list of generic things, and the page to turn to to start diagnosing the problem. The sections on interpreting/diagnosing MIL codes are really where they shine, but the sections on repairing things are frequently "use special service tool $TOOLNUMBER" to remove part A from part B, whereas these days 10 mins on YouTube frequently will have a shade tree mechanic way to get around the problem without spending $100 on some tool you will only use once.

So, you shouldn't imagine that the shop manuals detail the protocol between differing components or whatever. While they frequently will have complete wiring diagrams (with pinouts) between modules, I have yet to see schematics for any of the modules, even when disassembling them shows that they are little more than a few passive components and a relay, motor, etc. That is where the real savings/knowledge come in anyway: it's rebuilding the $300 dealer only door lock with a $.50 motor from the electronics supply house that has brushes that won't wear out in 5 years. Or swapping a good film cap for an electrolytic in some part that costs hundreds of dollars.

Basically generic problem solving skills make using those manuals needless. I have them for my late 90's car I keep around but I haven't opened them in probably 10 years. I don't own any manuals for the more recent ones. I drive Toyotas now and they simply don't break regularly enough to need purchasing manuals. I can usually quickly diagnose if I'm going to be able to repair the problem myself in a couple hours, at which point I proceed to do it, or just take it to the dealer/wherever.


I had obtained shop manuals for every car I ever owned. Almost always I only used them to find out how to disassemble something. Somewhat interesting observation that before model year 1995 or something like that the shop manuals generally included detailed mechanical drawings of various custom tools and jigs (detailed enough that you could conceivably manufacture the thing with dremel and lathe), since then you only get order numbers.


Probably earlier than that. I purchased the Mustang set in the early 90's for a late 80's Mustang. It definitely had a lot of special service tools usage.

(fox body, had no idea when I sold it for $500 in the late 90's they would be considered so cool today).


Already been posted 5 times before, one with enough votes to hit the front page: https://news.ycombinator.com/from?site=opengarages.org


Some may find this CAN simulator useful: https://stackoverflow.com/questions/35607115/virtual-can-bus...


I bought this book, and he graciously provides it online.

It's put together well. I just haven't read it thoroughly, but it's a keeper.

I just opened the book, and happened to see a motherboard. It was a VW board, and I saw this,

"In their paper, the researchers analyzed the algorithm and reported on the vulnerabilities they found, though the actual exploit was apparently not trivial and there were much easier ways to steal a car with a Megamos system. Nevertheless, the research was placed under a gag order, and the findings weren’t made public. Unfortunately, the problem with Megamos still exists, and it’s still insecure—the gag order simply prevents vehicle owners from determining their risk because the research isn’t publicly available. This is a prime example of how the auto industry should not respond to security research."

1. Ironic the board is made by VW.

2. We need to see all that information.

3. This was just a paper of a few security bugs.

4. My point is I don't want to be tied to a Dealership for the life of "my" vehicle when it gets sick. I don't want to pay $220/hr to reflash "my" vehicle.

5. And there will be those that get this post here, but I know the general public just cares about looks, and cup holders. As a kid, I knew most people didn't care about double overhead cams, etc.

6. A vehicle is a huge purchase for most of us. We shouldn't be locked out of anything we own. Can trust wireless attacker with the information; don't use wireless technology in your vehicle.

7. I really wish Toyota would start manufacturing late 70s-80s simple trucks and cars again. We want simplicity. Or, many of us want simplicity.

8. Rant over. Key in off position, and in pocket. Can't lose it--a replacement key is $350. I just don't get it. But then again I'm very unhappy lately. I sometimes think I need to attach the jumper cables to my temples, and get a little shock. Amperage is not enough, or too high. Don't want to know.


The chicken tax (https://en.wikipedia.org/wiki/Chicken_tax) is part of why there are no small simple trucks in the US.

I recently got back from a trip to Mexico, and I saw all kinds of new small simple trucks. Nissan's small truck (not sure of the name) and the Toyota Hilux seemed to be the most popular. There were all different kinds of bed attachments people were using.


The world needs more hackers, and the world definitely needs more car hackers. Vehicle technology is trending toward more complexity and more connectivity. Combined, these trends will require a greater focus on automotive security and more talented individuals to provide this focus.

Looking at recent “terror attacks”, where cars/trucks were used: it is plausible to think that terrorists could pull an organized attack using a coordinated fleet of hacked cars/trucks. Kind of scary...


Seems like you are confusing what technical people call a hacker with what journalists call a hacker. The hacker used here is a person who tinkers and makes changes; what journalists call a hacker is called a cracker in that context. A car hack will be to make it work more the way you want it to, a car crack will be to take control and damage it or others with it.


The problem here is the market distorting the incentives to the point that car manufacturers have an interest that thieves create artificial demand backed by insurance money. Which the insurers then transfer to the consumer, a circle that amounts to a hidden price raise for cars via insurance, and contains nothing of value for the user of the product.



