|
Not getting too detailed I'm pretty sure it's the LED tail lamps getting wonky with the frames per second DV was recording, but I have seen the strobe tail lights for cars that blink two or three times before solid red. Given most idiots on the road are too busy taking selfies I don't mind something trying to get their duck lipped face paying attention to what's going on in front of them. To all of the motorcycle riders with the strobing headlights though? They need a dick kicking. I hate those things and wonder how they are even legal.
|
#
?
Jul 2, 2015 21:26
|
|
|
|
| # ? May 12, 2024 22:36 |
|
|
Somewhat Heroic posted:To all of the motorcycle riders with the strobing headlights though? They need a dick kicking. I hate those things and wonder how they are even legal. At least you notice them.
|
|
#
?
Jul 2, 2015 21:31
|
|
|
Somewhat Heroic posted:Not getting too detailed I'm pretty sure it's the LED tail lamps getting wonky with the frames per second DV was recording, but I have seen the strobe tail lights for cars that blink two or three times before solid red. Given most idiots on the road are too busy taking selfies I don't mind something trying to get their duck lipped face paying attention to what's going on in front of them. I came up behind a pedal bike with one of those on the rear one time (yes, white strobe light pointing backwards). It was nighttime and it blew my vision out so bad I could barely stay on the road.
|
|
#
?
Jul 2, 2015 21:37
|
|
|
Do you use SRT Performance Pages at all? I'm associated with the team that builds and tests the app for all of the SRT brands. We've had some real struggles with the capabilities of the UI libraries available in the app framework, but keep trying to find little performance tweaks as we can. Is the gauge representation still noticeably laggy?
|
|
#
?
Jul 2, 2015 22:29
|
|
|
Alman posted:Do you use SRT Performance Pages at all? I'm associated with the team that builds and tests the app for all of the SRT brands. We've had some real struggles with the capabilities of the UI libraries available in the app framework, but keep trying to find little performance tweaks as we can. Is the gauge representation still noticeably laggy? I do use them, and yeah it's a little slow. One problem I have is that you guys capped the power meter, it maxes out at 650hp while the gauge in the cluster will read 740-750hp with a favorable DA, so it just sits at 650hp for 1/4 of the rev range at WOT. How is the car's power measured by the way? I noticed that the meter seems very accurate, lower DA will result in a significant power loss and it's represented well on the power/torque readout. I don't understand why the apps take so long to load when the data is right there in the gauge cluster. I was a software engineer closer to the beginning of my career so if you need details I'd be happy to give you guys specific feedback. One of the things Uconnect really needs is a Spotify app, and I hate that there's no "off" button for the radio. I want it to STFU sometimes and with bluetooth it will turn audio on even while paused or muted if a notification sound is played on the phone.
|
|
#
?
Jul 3, 2015 03:02
|
|
|
Do you leave the screen on auto brightness? It seems too bright at night on auto.
|
|
#
?
Jul 3, 2015 03:18
|
|
|
The car and that color looks fanfuckingtastic out on the track!
|
|
#
?
Jul 3, 2015 03:32
|
|
|
kimbo305 posted:Do you leave the screen on auto brightness? It seems too bright at night on auto. I do, but I think it's independently adjustable from the rest of the gauge cluster. Keep digging in the settings, also check here - https://www.driveuconnect.com/software-update/ most of the uconnects are at least a few versions behind by now.
|
|
#
?
Jul 3, 2015 04:06
|
|
|
Das Volk posted:I do, but I think it's independently adjustable from the rest of the gauge cluster. Keep digging in the settings, also check here - https://www.driveuconnect.com/software-update/ most of the uconnects are at least a few versions behind by now. I'm struggling to get the initiative to set up all the UConnect stuff. When the sales guy tried to run me through all the setup stuff, I was like, whoa buddy, I just want to drive the car. Coming from a car that barely had a touchscreen, I'm blown away that I can put songs on an SD card and have that read by the car. It's nice in a way to have all the gizmos and non-essential stuff tucked away into the screen, but Chrysler really half-assed it with the physical speedo. The digital one on the center gauge is still kind of wedged in.
|
|
#
?
Jul 3, 2015 04:14
|
|
|
Das Volk posted:I do use them, and yeah it's a little slow. One problem I have is that you guys capped the power meter, it maxes out at 650hp while the gauge in the cluster will read 740-750hp with a favorable DA, so it just sits at 650hp for 1/4 of the rev range at WOT. How is the car's power measured by the way? I noticed that the meter seems very accurate, lower DA will result in a significant power loss and it's represented well on the power/torque readout. I can talk for eons about this stuff. It's a little late here for an effort post (I'll make a longer post later), but the short answer is that pretty much any CAN signal you're seeing in Performance Pages is a direct representation of the value from the instrument cluster. I'd have to go back and check the specs to be sure, but I'm relatively positive everything comes from the IC. I'm not sure about the horsepower thing. I'll ask around next week. Maybe you found a defect for us  The main reason the apps take so long to load is because it's loading every single image asset into memory when you're launching the app. That's part of the limitation of the UI framework. I'll talk about it more in-depth when I have more time to post in the next couple days.The Spotify thing is a whole different clusterfuck, but the next generation of head units from FCA will support CarPlay and Android Auto which should remedy that. Unfortunately it won't be backwards compatible, at least as far as I know.
|
|
#
?
Jul 3, 2015 06:26
|
|
|
You guys tried compressing those image assets with something like pngquant? Knowing exactly zip about your architecture it might make more sense to blit from a single texture atlas instead of a mass of separate images too. My consulting rates start at ride in a Hellcat and top out with one Hellcat crate motor.
|
|
#
?
Jul 3, 2015 14:52
|
|
|
Oh man an effort post about that stuff would be awesome.
|
|
#
?
Jul 3, 2015 18:55
|
|
|
Z3n posted:Oh man an effort post about that stuff would be awesome. 
|
|
#
?
Jul 4, 2015 19:13
|
|
|
I for one would be interested in any Fiat/Chrysler/Jeep/Dodge/Ram/SRT electrical systems stuff you can share. Whether it is Viper specific or not. Please oh please oh please cover the ancient CCD and PCI buses, or tell me what SAE spec I have to buy for a message format/ID chart, or whose fingers I have to break 
|
|
#
?
Jul 5, 2015 04:49
|
|
|
Alman posted:I can talk for eons about this stuff. It's a little late here for an effort post (I'll make a longer post later), but the short answer is that pretty much any CAN signal you're seeing in Performance Pages is a direct representation of the value from the instrument cluster. I'd have to go back and check the specs to be sure, but I'm relatively positive everything comes from the IC. I'm not sure about the horsepower thing. I'll ask around next week. Maybe you found a defect for us Any comments on this? http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
|
|
#
?
Jul 21, 2015 19:01
|
|
|
Das Volk posted:Any comments on this? http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ Holy poo poo what are car makers thinking?!?!?
|
|
#
?
Jul 21, 2015 22:34
|
|
|
CAT INTERCEPTOR posted:Holy poo poo what are car makers thinking?!?!? One more reason to never sign up for UCONNECT. Though if they can sniff you IP from any regular UCONNECT phone-home activity, it wouldn't help.
|
|
#
?
Jul 21, 2015 22:52
|
|
|
CAT INTERCEPTOR posted:Holy poo poo what are car makers thinking?!?!? Functionality and profit is far more important than an (until now) abstract threat. Even with the demonstrated threat, if it's not weaponized and scripted to the point that someone with minimal technical skill can perform the attack, it's highly difficult to actually perform these attacks. As this is a per car type attack, it's unlikely to be widespread - it has minimal value to common attackers such as government or criminal groups given the technical overhead for exploitation vs more traditional means of detaining/killing someone. Frankly, if someone is willing to kill you, there are many simpler ways than hacking your car. If it is trivially weaponized (download hackjeep app to sprint phone, kill people) well, that's going to be a very different problem. The sad reality is that a lack of technical expertise applied and lack of time spent on these sort of systems is really all that keeps you safe - obscurity is the protective factor, here, not proper system defensibility/etc. All of these sort of vulnerabilities are present in just about every piece of hardware and software you use, everywhere. If something is internet connected, it's highly likely it's remotely exploitable - developing secure things is possible but difficult, and more importantly, expensive. That car manufacturers haven't caught up to even the relatively poor current state of security shouldn't be a surprise, given that they have failed to create appropriate redundancy from basic hardware failure in their throttle by wire programming. We're creating security problems due to interconnected systems faster than we can fix them. It's gonna be a long, dark road ahead for at least a decade, probably more.
|
|
#
?
Jul 21, 2015 23:02
|
|
|
kimbo305 posted:One more reason to never sign up for UCONNECT. Though if they can sniff you IP from any regular UCONNECT phone-home activity, it wouldn't help. Signup is probably irrelevant - it's almost always a flag that simply doesn't expose the functionality, rather than actually disabling the software/hardware communications, as they still want access to that sweet data and usage/travel characteristics, plus there's likely some waivers in there for law enforcement usage. So if you don't want this sort of thing in your car, do your research, and don't buy cars that have this kind of functionality.
|
|
#
?
Jul 21, 2015 23:04
|
|
|
Or disconnect the antenna and connect a 50 ohm dummy load with the appropriate RF connector to the port instead. Still not a guarantee, I know people who have had SAR show up (and scare the poo poo out of their wife) when they bumped the test button on their ELT with the antenna disconnected and the plane parked inside a corrugated sheetmetal hangar, but it certainly reduces the chances. I'm really not a fan of the whole idea, for all the reasons Z3n gave. In fact he put it far more succinctly than I did in another thread.
|
|
#
?
Jul 22, 2015 00:30
|
|
|
Z3n posted:Functionality and profit is far more important than an (until now) abstract threat. I do have a slight clue about how many holes in software there are and how hard they are to protect - but the issue is the attack vector should never of loving happened in the first place and the ability to override steering and brakes likewise should not have existed. And actually it's very easy to defend against attack if you just simply don't have that ability in the first place
|
|
#
?
Jul 22, 2015 00:52
|
|
|
kastein posted:Or disconnect the antenna and connect a 50 ohm dummy load with the appropriate RF connector to the port instead. Speaking of antennas, the Viper's radio antenna is so weak. WTF, it's 2015. This is a solved problem. I got reception no problem in my basement parking in the Z06, but the moment I drive through the garage door, I get huge static in the Viper. When I get to my parking spot, it's nothing but static. Maybe they put the least accomplished engineer on things that don't matter to driving, but goddammit it's just radio.
|
|
#
?
Jul 22, 2015 01:16
|
|
|
TBH it's probably the same active sharkfin antenna they designed for the 1997 Concorde or something.
|
|
#
?
Jul 22, 2015 01:19
|
|
|
kastein posted:TBH it's probably the same active sharkfin antenna they designed for the 1997 Concorde or something. There's a pod on the top of the rear hatch, but I figured that was for the defrosting wires: http://i.imgur.com/yOLNFTo.jpg
|
|
#
?
Jul 22, 2015 01:33
|
|
|
CAT INTERCEPTOR posted:I do have a slight clue about how many holes in software there are and how hard they are to protect - but the issue is the attack vector should never of loving happened in the first place and the ability to override steering and brakes likewise should not have existed. And actually it's very easy to defend against attack if you just simply don't have that ability in the first place If you can't override the driver's brake input, you can't have ABS - you can debate around if people actually need automatic lane change correction, self parking, etc, etc, but I'm pretty sure that stuff is here to stay and all of that requires the ability to over-ride the steering. Between that, ABS, and throttle by wire, any modern car has technology in the critical path for basically all components. The implication is there's some firmware over writing that needs to be done to disable safeguards, etc, but if they have a way to spoof the firmware update process, they own the hardware in the car and it's all over.
|
|
#
?
Jul 22, 2015 04:25
|
|
|
Z3n posted:If you can't override the driver's brake input, you can't have ABS You most certainly can in older cars. And all that other poo poo should most certainly be able to be overridden or doesn't become active unless you press a button like self parking. You again missed the point what I am getting at. The fact that that poo poo is BY WIRELESS able to be accessed should just never of happened. I can accept that such system can be accessed via the physical ODB port. But by loving wireless?!?!!? This shows a level of interconnect on CANBUS that just should never of happened at all. This is a fundamental design flaw that any dickhead could have seen would be exploited.
|
|
#
?
Jul 22, 2015 05:57
|
|
|
CAT INTERCEPTOR posted:You again missed the point what I am getting at. The fact that that poo poo is BY WIRELESS able to be accessed should just never of happened. I can accept that such system can be accessed via the physical ODB port. But by loving wireless?!?!!? This shows a level of interconnect on CANBUS that just should never of happened at all. This is a fundamental design flaw that any dickhead could have seen would be exploited. Lol dude we in the infosec community have known about this problem since 2008. It's just that these guys planning to go public might be the thing that finally makes car manufacturers give a poo poo. Cars? Planes? UAS? Big loving expensive science experiments? All of these things are designed by mechanical engineers, or aerospace engineers, or scientists, not computer programmers, and certainly not infosec computer programmers, which are a different breed. It's natural that they are vulnerable, and they will continue to be vulnerable until they become so ubiquitous that a small group of security researchers (what the media calls hackers) decide to poke around and see what they're really made of. No system is ever secure, it's just a question of how hard a particular method is and if it has been documented already.
|
|
#
?
Jul 22, 2015 06:39
|
|
|
This is bad and bigger than jeeps. Automakers are going to use this as propaganda to be allowed to lock down their computer stuff, essentially killing Right to Repair. chrysler is going to be the reason your 2020 chevrolet can only be diagnosed at a chevrolet dealership at whatever rate the dealership feels like charging and will be done whenever the dealership decides to do it. New electrical parts can only be coded to your car by a chevy dealership with a chevy computer, so you can have it diagnosed, towed to an independant shop, repaired, and towed back to the dealership to have the parts activated.
|
|
#
?
Jul 22, 2015 06:48
|
|
|
CAT INTERCEPTOR posted:You most certainly can in older cars. And all that other poo poo should most certainly be able to be overridden or doesn't become active unless you press a button like self parking. Modern buttons are a courtesy notice to the computer that the user would like to do something. If the attacker controls the computer, it's over, no matter what. Given enough time, someone will find a hole in any system. You put in place hard segmentations you lose critical access to functionality that you may be required to maintain by law, or may want in order to establish the validity of warranty claims, offer GPS services, help roadside support/techs diagnose issues with the car, use to develop the software on the ECUs, fix bugs in software, etc, etc, etc. Not to mention they're probably developing this in a very distributed fashion - design of these systems is complicated and farmed out to many different groups, and there's little responsibility or security oversight on the large scale problems. Shared meta responsibilities like security are essentially impossible to implement without a business reason to drive towards it. Not to mention every developer of every component is going to say all the right words about how their systems/products are very secure and protected by industry standards. The problem is the industry standards are non-existent, and there is so much bullshit and so many little extra processors and 3rd party libraries and "disabled" functionality and potential vulnerabilities scattered around in every system that it's basically impossible to build secure devices right now because we have no secure foundation to build on. It's lovely, broken turtles all the way down, but no one cares and frankly, this likely won't change a drat thing. We are designing security flaws into our systems at a rate that exceeds our ability to fix them by an order of magnitude, if not multiple orders of magnitude, and very little is going to change that for at least a decade, probably more. Chrysler's line on this is going to be "we patched the problem, it's a non-issue" while pushing for the sort of regulations Powershift is talking about, and it's going to gently caress over home mechanics in the long run. Or they're going to have to start jailbreaking their cars to get them to work on generic parts, which is sort of the great long term irony and cycle of it - in the long run if things go the way auto makers want them to, guys like Charlie Miller are going to be the folks that let you actually work on the things that you own by continuing to defeat car security controls. Z3n fucked around with this message at 07:15 on Jul 22, 2015 |
|
#
?
Jul 22, 2015 07:11
|
|
|
^ is again right. The worst part is that when (not if) they push to lock all that stuff down, guess what? Hackers will still have access to it, but you won't and legit researchers won't be reporting bugs because they would get sued. As usual, you can't keep people who do not obey the law from doing something that is physically possible. People in favor of regulating behavior and controlling ownership have never and will never understand this until bitten by it, so, well, the future is going to suck, I hope it causes a fiasco sooner rather than later so we can just scrap the whole idea before wasting too much time on it. Good thing IDA Pro is easy to use and embedded systems engineers typically leave the footprint for the jtag port right there, so if I care enough I will still have access, gently caress all the rest of you, you are on your own 
|
|
#
?
Jul 22, 2015 08:08
|
|
|
Z3n posted:
This is literally FCA's response. A guy here called FCA to inquire about it and their response was we released a patch, install it, we're done with it. So, you are spot on. Also the local dealer had no clue what he was talking about until he told them to go look at the TSB that was released.
|
|
#
?
Jul 22, 2015 13:59
|
|
|
Wouldn't it be easy enough for them to put the infotainment stuff on it's own network within the car? They can still have a second network that can access the CANBUS to give you real-time driving data on gauges like the new Viper and I think the Hellcat have. That would solve the issue, wouldn't it?
|
|
#
?
Jul 22, 2015 14:28
|
|
|
GentlemanofLeisure posted:Wouldn't it be easy enough for them to put the infotainment stuff on it's own network within the car? They can still have a second network that can access the CANBUS to give you real-time driving data on gauges like the new Viper and I think the Hellcat have. That would solve the issue, wouldn't it? The GPS in my nav/infotainment unit can send the GPS data to the small cluster in my dash panel which also displays all kinda info about the actual Jeep(tire pressure, oil change info/etc), so I'm not sure if having it on separate networks would still allow that.
|
|
#
?
Jul 22, 2015 14:31
|
|
|
Powershift posted:This is bad and bigger than jeeps. 
|
|
#
?
Jul 22, 2015 14:46
|
|
|
CAT INTERCEPTOR posted:You most certainly can in older cars. quote:You again missed the point what I am getting at. The fact that that poo poo is BY WIRELESS able to be accessed should just never of happened. I can accept that such system can be accessed via the physical ODB port. But by loving wireless?!?!!? This shows a level of interconnect on CANBUS that just should never of happened at all. This is a fundamental design flaw that any dickhead could have seen would be exploited. mattfl posted:The GPS in my nav/infotainment unit can send the GPS data to the small cluster in my dash panel which also displays all kinda info about the actual Jeep(tire pressure, oil change info/etc), so I'm not sure if having it on separate networks would still allow that. My old E46 BMW has the entertainment and comfort systems on one network called I-Bus. The critical drive systems are on another similar network called K-Bus. The worst someone could do with access to the I-Bus is crank the radio and lower the windows. Supposedly one could also control the lights, but I never got that working when I was messing around with it. Cruise control and other safety-critical systems aren't available to the radio no matter what. IIRC the instrument cluster is attached to both networks, but is specifically designed to act as a restrictive gateway rather than providing raw access. This is a lot like all that software that needed a redesign when Windows Vista/7 came around and no longer allowed access to everything by default. Most software didn't actually need that access, but because they had it they took the lazy way out and ended up creating a security nightmare in the process.
|
|
#
?
Jul 22, 2015 15:54
|
|
|
While you can absolutely design secondary networks, firewall, segment, etc, all of these things are still subject to the same core problem that we build these systems with stacks of code on code on code that no individual has evaluated or understands as a comprehensive whole. There are only a tiny minority of folks who could be reasonably trusted to write secure code, fewer who can securely architect systems in a way that meets business goals, and the number of those people who are not currently employed by the tech or gov sectors is basically zero - baseline salary for these people is in the hundreds of thousands of dollars plus likely millions in stock, and I don't think the auto industry is at the point where they're ready to pay that kind of money, nor would they see the value in it. Also, airlines have supposed network segmentation by design but that segmentation is poorly implemented and comes with a pile of other problems, like firewall issues and configuration problems that make them trivial to bypass. It's also a matter of power - your security people have to have the authority to push back release dates, be involved in seemingly trivial design decisions, enforce those decisions, validate that development has been done to spec, communicate the value of the work done to the executive tier, etc, etc. IMHO, this is a non-starter of a problem - the auto industry regularly deals with far worse repercussions for fuckups that involve people dying, that a select few could spend years developing a body of research to cause your car to shutdown is a trivial risk against the potential for someone to simply drive their car into a wall. We need some form of catastrophic tragedy as a result of our development practices before any things going to change - probably something that has a death toll in the thousands, and is a indicator of endemic failure in the way we interact with computers, not something that is the responsibility of a single company/government unit. Z3n fucked around with this message at 17:13 on Jul 22, 2015 |
|
#
?
Jul 22, 2015 17:09
|
|
|
GentlemanofLeisure posted:Wouldn't it be easy enough for them to put the infotainment stuff on it's own network within the car? They can still have a second network that can access the CANBUS to give you real-time driving data on gauges like the new Viper and I think the Hellcat have. That would solve the issue, wouldn't it? I was speaking to a guy who claimed to be an FCA engineer last night and he said they did and that this is nonsense and isn't as bad as the Wired article says it is. I don't know who to believe but they released a patch so I lean toward believing the article. As for "having a second network that can access the CAN bus"... you have some pretty critical misunderstandings here. The CAN bus IS the network, and making a second one, while a good start (and one he claimed they use, which is why he says it's not as bad as the article claims), does nothing to keep a hacked infotainment system from simply transmitting malicious commands on that one instead, if it's wired to both and isn't carefully set up to be physically incapable of doing so. Nor does it prevent a determined intelligent hacker from finding a vulnerability in the next piece of hardware over (say, the BCM or ECU/PCM) that has access to both buses, subverting it somehow (I'd be very surprised if that's impossible) and using that to make the jump to the more important network. Adding a wireless link into a safety critical system is just something that has to be approached very carefully, which is what Z3n has been saying all along. Meanwhile, car companies want to release their latest and greatest new car with an all new infotainment system next year, and they want it to interface with the drivetrain so it can work more seamlessly together, so they get some off the shelf RTOS software package, put it on their hardware platform, slap it on the CAN bus and listen for the data they want, without ever really considering the repercussions of what could happen if someone hacks it and changes the firmware so it can send commands it isn't supposed to to a bus it's only supposed to listen on. As we keep saying, automotive embedded systems security is probably about where we were in the early 90s with the internet and desktop computers. Remember all those buffer overrun vulnerabilities, authentication failures, etc? Yeah, those who do not learn from history are bound to repeat it. Welcome back to infosec circa 1993.
|
|
#
?
Jul 22, 2015 17:29
|
|
|
kastein posted:Welcome back to infosec circa 1993. The scary (really scary) thing about now versus 1993 is, in 1993, if you found some crap, you weren't quite as liable to get sued/arrested/etc for any white-hatting. Hell, if you wrote some really good exploits, you got a job!
|
|
#
?
Jul 22, 2015 17:47
|
|
|
kastein posted:As for "having a second network that can access the CAN bus"... you have some pretty critical misunderstandings here. The CAN bus IS the network, and making a second one, while a good start (and one he claimed they use, which is why he says it's not as bad as the article claims), does nothing to keep a hacked infotainment system from simply transmitting malicious commands on that one instead, if it's wired to both and isn't carefully set up to be physically incapable of doing so. Nor does it prevent a determined intelligent hacker from finding a vulnerability in the next piece of hardware over (say, the BCM or ECU/PCM) that has access to both buses, subverting it somehow (I'd be very surprised if that's impossible) and using that to make the jump to the more important network. Here's where the Cherokee vs Viper gets interesting, from an older paper published by Miller and Valasek: Cherokee:    Viper:   So both have a CAN C and a CAN IHS, and it seems like most of the stuff that you'd be majorly worried about is on CAN C. In the Cherokee, the radio is connected to both C and IHS. In the Viper, it's connected to just IHS and the BCM is the only thing connected to both. (Both vehicles also have a 'LIN' that seems to be fully separated from everything else). So to do this attack on a Viper, you'd need to hack the radio, then use it to hack the BCM, and then you'd have full control. Whereas in the Cherokee, if you hack the radio, you can send commands directly to both busses. Really, the only way around this that I can see is you have to treat whatever devices have direct internet access as if they are unsecure. Ideally your radio can't be hacked remotely, but to keep the car secure you have to assume it can. You'd need something sitting in between to ideally block its ability to send commands to anything else, or at least heavily inspect them and throw up a giant red flag if it sees the radio trying to send high-priority commands.
|
|
#
?
Jul 22, 2015 18:01
|
|
|
|
| # ? May 12, 2024 22:36 |
|
|
http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/ An "official" list of vehicles this affects.
|
|
#
?
Jul 22, 2015 19:39
|
|