General Boards > Off Topic
Can bus now been hacked for vehicle theft
mewgaf:
The early version of keyless entry you could open car and drive off car and then car would only need key once the car engine was stopped and you needed to start it again.
Now the car polls key fob every x period of time, but it still won’t stop the engine while you are driving (they don’t want you to cause freeway jams with your stolen car).
But the key fobs do a hash key exchange every x period to make it harder. But you can buy the tools to scan this traffic and decrypt this traffic easy enough.
The tools to recode fobs are not that expensive.
Mark
CirLott:
--- Quote from: yvesjv on Apr 08, 2023, 01:05:54 PM ---This on the geek channels, its quite a good read on how smart the crooks are evolving into
https://www.theregister.com/2023/04/06/can_injection_attack_car_theft_here
--- End quote ---
Hell, it's not just thieves anymore, it's real hackers.....
CirLott:
--- Quote from: mewgaf on Apr 10, 2023, 01:31:25 AM ---Not very surprising.
Car electronics are about as sophisticated as computers in the 70’s and 80’s.
I worked in IT security for a long time after being a motor mechanic.
The CAN Bus has no protection and getting added user function is more important.
Like I want to start my car and have it warm or remote open doors or wind down windows from any part of the world.
--- End quote ---
I don't know anything about electronics. But I have a question: why not just protect the CAN bus?
yvesjv:
--- Quote from: CirLott on Sep 05, 2023, 08:44:08 PM ---I don't know anything about electronics. But I have a question: why not just protect the CAN bus?
--- End quote ---
That is an excellent question.
The CAN bus probably has a focus on real time messaging and retaining integrity of the message.
But we are seeing IOT devices that are running some real time kernel types everywhere.
Wouldn't be surprised if someone has already thought of placing an IOT type controller (running on arm or similar) smack bang in the car as the 'brains'. This would make it possible to secure the car.
mewgaf:
The problem with the Can Bus Protocol, is that it does not have any security built in. So it’s like building a house and not fitting locks to the doors. Anybody can walk in and then they could listen to messages or pretend to send a message from any device and nobody says are you really you or is your message from you.
A complete rework of this protocol needs to be done (which was needed in the 80’s) but who is going to do it?
Until cars are being crashed and people killed nothing will be done.
Like most things with politics and so many players something one day will happen, as it is there is a base standard but most car manufacturers go their own way.
Hope this helps
Mark
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version