Car Hacks

Wired UK is doing an article on hobbyist car hacking. They want some examples of cool/fun car hacks that people have done.

Does anyone have any cool ones that they would like to point out? Navigation hacks? Maybe Burning Man related? This is a pro-hacking piece so no car theft hacks please :)

They are looking for different parts of the car, dash, engine, lights, door, etc.

Suggestions?

I’ve used aftermarket software and a proprietary OBD-II cable (software is “free” but only works if the $300 cable with built-in dongle is connected) to allow keyless window operation on my VW. They share the same control modules as Audi but get dumbed down to make the Audis look more luxurious.

Also hacked a bulb holder into an unused lens of my US spec tail light housings, changed some wiring, and again changed some code with that software to mimic the European spec light configuration. Also used it to disable DRL and allow my halogen “flash to pass” bulbs to come on with my HID high beams.

Neither is something I’ve come up with, just followed online tutorials.

Other than that, I’ve bent a pin on the light switch to disable DRLs in older cars, and I’ve been wanting to hack an aux input back into the car since they remove it when they install the terrible factory iDevice hookup.

Nothing particularly exciting… haha.

Ian M.

Those all work. Plus any cool things you’ve read about on the web or seen someone else do.

Does reverse engineering car computers count?
-D

pgmfi.org
openecu.org
…

Craig,

In case you don’t look at Hack-a-Day much, they’ve been featuring CAN hacking over the last few weeks. Might be a great time to tell them about CANiBUS.

This is excellent. I need to free up some time to go over it. I’m glad you pointed this out. Although I’m not sure CANiBUS is ready for hackaday love just yet. It does work as a sniffer but the real features are just not implemented yet.

Your BMW can be stolen by any idiot with a $30 hacking kit

On-board diagnostics (OBD) security bypass kits, replete with reprogramming modules and blank keys, are reportedly enabling low-intelligence thieves to steal high-end cars such as BMWs in a matter of seconds or minutes.

According to The Register, the $30 bypass tools are being shipped from China and Eastern Europe in kit form to unskilled criminals.

It looks like it’s not just BMWs, mind you.

A post on the car enthusiast site Pistonheads suggests that devices similar to those used to steal BMWs are also available for Opel, Renault, Mercedes, Volkswagen, Toyota and Porsche Cayennes.

UK police are also seeing fancy cars whisked away by criminals believed to be using the kits, with the deprived owners still having the keys in their possession.

It’s becoming so prevalent, in fact, that Warwickshire police released a press release warning BMW owners to take extra precautions, stating that 154 of the high-end cars have been stolen since January.

In August, London’s Metropolitan Police left leaflets under windscreens, warning BMW owners their cars were likely to be targeted, according to a recent BBC Watchdog investigation into the thefts.

The tool was originally designed for garages and car recovery agents to get into different cars after owners had lost their keys. The kits have since been packaged up by criminal hackers, who have picked apart the security weaknesses of the OBD network.

To use the tool, car thieves first need to intercept the transmission between a valid key fob and a car before they can then reprogram the blank key, which they can then use to start or open the car via the OBD network.

The BBC rolled its camera skyward while its news reporters were using the key in its Watchdog investigation, but I found online videos showing how easy it is to use the tool - or, at least, a device that fits the tool’s description.

If the video I found is an accurate depiction, even the village idiot could be behind the wheel of a fine ride with a $30 investment and a few minutes.


(By the way, Naked Security has chosen not to embed the video because it may encourage criminal activity, and we have no wish to promote sales of such tools to unauthorised parties)

BMW last week put out a statement saying it’s aware of the new method of car thievery and is looking into how to mitigate it.

One way is to not own a BMW built before September 2011, apparently:

"After extensive research we are clear that none of our latest models - new 1 Series Hatch, 3 Series, 5 Series, 6 Series and 7 Series - nor any other BMW built after September 2011 can be stolen using this method. However, as a responsible manufacturer we are looking at ways of mitigating against this new kind of attack."

Customers worried about theft of targeted models can call their local BMW dealer.

BMW’s offering extra technical measures that it says will keep cars from getting ripped off with the hacking kits, although, it says, “there is no such thing as an unstealable car.”

So what are the security holes in OBD?

As pointed out by Rob VandenBrink in a presentation (PDF) delivered at a SANS Technology Institute security conference in July, OBD looks like “a slower, dumber Ethernet (sorta).”

For details on those weaknesses, check out his paper.


In summary, VandenBrink says:

"Unfortunately, the On Board Diagnostic (OBD) network in our cars is completely open, completely documented, and is being pushed more and more to open, documented and unauthenticated wireless access."

But wait, there’s more. Short of allowing your ride to be stolen, security researchers at the University of Michigan and the University of Washington have shown that OBD shortcomings allow these other automotive WiFi shenanigans:

  • Locking and unlocking doors
  • Honking the horn
  • Wireless attack through tire pressure sensors
  • Trojan delivered via music CD

This stuff isn’t new. The CD Trojan piece goes back to 2011.

What’s new is how erudite hacker knowledge of OBD’s limitations has been commoditized and marketed in these easy-to-use, cheap kits.

Should you shake down your car manufacturer to get better defences?

Unfortunately, it probably won’t do you much good if you do, between the need for mechanics to have some type of tool to get into your car and competition laws requiring open standards.

Here’s what the Pistonheads post had to say about it:

"The reason this form of theft is currently so rife … - is that European competition rules require diagnostic and security reprogramming devices to be available to non-franchised garages. As we understand it, this effectively means that car companies cannot restrict access to or use of OBD ports."

"Unfortunately it also means that, to a certain extent, the hands of car companies are tied..."

What you can do: contact your car dealer to see if they have mitigation techniques that will help, as BMW promises.

The Warwickshire Police also offer these safety tips, although they are unlikely to be much of a deterrent to a determined OBD hacker who gains access to your vehicle:

  • Try the door handle after using your key to lock your car, to double check that it is actually locked.
  • Take a good look around when leaving the vehicle to see if you can spot anyone waiting nearby or in a vehicle in the vicinity, especially if you check and find the door to still be open.
  • Report anything suspicious to the police: they want to nab these guys.

Ultimately, it’s worth remembering - as BMW admits - that there’s “no such thing as an unstealable car”.
