|
Safety Dance posted:Every now and then I think about it too hard and get freaked out because all automobiles are susceptible to this kind of attack whenever they're outside. You only need the secure CANBUS on the access and engine controls. Just run two separate busses, or like with traditional networking VLANS. You can even have the two busses talk to each other, but only able to pass data that makes sense to pass. It's not that hard (says the relative layman...), but carmakers don't want to put effort into anything that doesn't *directly* translate into "more truck sales". People might say they care about tech or security, but they won't pay more for the latter. The primary ECU and door control modules don't need to know what the damned headlights are doing. edit: tater_salad posted:Why does my wiper need to connect to an encrypted in car network.. they've been on a manual switch for 100 years and that has worked just fine That, too, really. Though CANBUS is handy for reducing the number and complexity of the actual wiring, with the caveat of increasing the complexity of the components.
|
# ? Apr 5, 2023 21:55 |
|
|
# ? Jun 1, 2024 21:20 |
|
Darchangel posted:You only need the secure CANBUS on the access and engine controls. Just run two separate busses, or like with traditional networking VLANS. You can even have the two busses talk to each other, but only able to pass data that makes sense to pass. It's not that hard (says the relative layman...), but carmakers don't want to put effort into anything that doesn't *directly* translate into "more truck sales". People might say they care about tech or security, but they won't pay more for the latter. Encryption can be cracked with physical access. Very easily with the resources available now. There has to be a layer somewhere that crosses from encrypted to not. That'll be a physical entry point. These things are cost analyzed to be just secure enough that a average passer by can't have a day out on the town. If someone ultimately wants it, they're going to get it. The only thing that can be done is to discourage or slow them down. This will add cost and complexity that will be palmed off to the buyer. Oh but the door modules do need relevant lighting information. Not just puddle lamps but also backlit buttons and mood lighting. Complexity of the component is on the house. most MCUs support can bus out of the box and need a dusting of passives and maybe a transceiver. It's a lot less involved than say, running 14awg wire everywhere sans relays like cars were 30 years ago.
|
# ? Apr 5, 2023 22:17 |
|
cursedshitbox posted:Encryption can be cracked with physical access. Very easily with the resources available now. There has to be a layer somewhere that crosses from encrypted to not. That'll be a physical entry point. These things are cost analyzed to be just secure enough that a average passer by can't have a day out on the town. If someone ultimately wants it, they're going to get it. The only thing that can be done is to discourage or slow them down. This will add cost and complexity that will be palmed off to the buyer. The article makes a good point though: the headlight is a very attractive target because you can pop the bumper cover clips and get to the CAN network without significant tooling or doing much lasting damage. If the smart key CAN message was cryptographically signed, you'd have to get to the smart key controller. If that was tucked up behind, say, the heater core, the attacker would have to smash the window and disassemble the whole dash to get to it. That would shift the cost/benefit calculation for many thieves.
|
# ? Apr 5, 2023 22:37 |
|
Safety Dance posted:I also got to thinking about secure / encrypted CANBUS one day, but it would drive a lot of right-to-repair people crazy when every wiper motor came with a relearn procedure. That said, not everything on the network needs to be encrypted either. It's possible to secure the keyless entry system without locking down modules for which the worst case scenario would be inconvenience if signals were spoofed. I'm not sure what realistic concerns there would actually be about a wiper motor being spoofed, where obviously a keyless entry receiver should be carefully authenticated. Darchangel posted:You only need the secure CANBUS on the access and engine controls. Just run two separate busses, or like with traditional networking VLANS. You can even have the two busses talk to each other, but only able to pass data that makes sense to pass. It's not that hard (says the relative layman...), but carmakers don't want to put effort into anything that doesn't *directly* translate into "more truck sales". People might say they care about tech or security, but they won't pay more for the latter. I mean my cheap little 2015 Fiesta has three separate CAN networks, of which only two are easily accessible. One has most of the comfort systems (infotainment, HVAC, etc.), the second has most of the vehicle systems, and the third is just ABS, ECU, and airbags IIRC.
|
# ? Apr 6, 2023 17:56 |
|
wolrah posted:just for whatever stupid reason the keyless entry system was on the same network as the headlights They are on the same network because they both need to talk to the body control ECU. At some point you need to reconcile the fact that many ECUs need to talk to many other ECUs and you can't create a new network for every function.
|
# ? Apr 6, 2023 18:33 |
|
Salami Surgeon posted:They are on the same network because they both need to talk to the body control ECU. At some point you need to reconcile the fact that many ECUs need to talk to many other ECUs and you can't create a new network for every function. Allowing traffic from a high security network to a low security network is usually better than the other way around, assuming you're not dealing with confidential/classified data.
|
# ? Apr 6, 2023 19:22 |
|
Allowing, for example, the "vehicle unlock" packet to come from anything other than the keyless module is just dumb, though.
|
# ? Apr 6, 2023 20:32 |
|
Darchangel posted:Allowing, for example, the "vehicle unlock" packet to come from anything other than the keyless module is just dumb, though. I'd also expect it to come from like the SRS module. In either case, I'd think no one is spending money on more security development than is required, but then again ECU and ABS modules are locked down tight so
|
# ? Apr 6, 2023 20:38 |
|
Darchangel posted:Allowing, for example, the "vehicle unlock" packet to come from anything other than the keyless module is just dumb, though. The network itself is just a pair of wires, there's no intelligence outside the devices and thus no filtering anywhere other than gateways. Any device on a given network can send messages with any ID it wants to. It's like open WiFi or an old school non-switched ethernet network. The spoofer device sends messages with the expected ID and they are not authenticated beyond that. As far as anything else on the network is concerned those messages DID come from the keyless module.
|
# ? Apr 6, 2023 22:31 |
|
wolrah posted:As described the attack device is spoofing the ID of the keyless module, while at the same time jamming the network so conflicting messages from the real keyless module don't get through. Oh right, that makes sense. I guess the obvious countermove is that the key validation module has a separate direct connection to at least one critical system?
|
# ? Apr 6, 2023 22:45 |
|
Computer viking posted:Oh right, that makes sense. I guess the obvious countermove is that the key validation module has a separate direct connection to at least one critical system? You could do that but it's not really any more secure than the old 12v to ignition module, the real way to do it is have a proper cryptographic handshake between the key module and the ECU/doorlock, you can still do that on the bus without compromising any real security. It's not all that hard, and the hardware systems in most current cars are capable of it as the article points out, they just didn't bother because as it is in all computer systems, security is a cost center.
|
# ? Apr 6, 2023 22:49 |
|
Safety Dance posted:The article makes a good point though: the headlight is a very attractive target because you can pop the bumper cover clips and get to the CAN network without significant tooling or doing much lasting damage. If the smart key CAN message was cryptographically signed, you'd have to get to the smart key controller. If that was tucked up behind, say, the heater core, the attacker would have to smash the window and disassemble the whole dash to get to it. That would shift the cost/benefit calculation for many thieves. Most houses can be broken into easily. You still lock the loving door.
|
# ? Apr 6, 2023 22:50 |
|
evil_bunnY posted:People who say there's no security against physical access are never interested in the nuances. There's no 100% against physical attacks, but you can implement many countermeasures against physical compromise, it just costs money. Lol, like locksport nerds talking about how locks just keep honest people honest and any lock can be picked when the topic of conversation is a townhouse in the rich part of town. Guys, if the CIA is after me I'm just gonna loving die. But whomst etc Blue Footed Booby fucked around with this message at 00:20 on Apr 7, 2023 |
# ? Apr 6, 2023 23:45 |
|
Darchangel posted:Allowing, for example, the "vehicle unlock" packet to come from anything other than the keyless module is just dumb, though. CAN has no concept of node addresses or anything like that. It's old and designed for simplicity and reliability. A message has a single identifier that is used to determine what it is. Any device can send a message with any ID and you can't tell who sent it. efb
|
# ? Apr 7, 2023 00:22 |
|
So is this when I point out Teslas have had a BLE transceiver on the rear exterior of the car for years now? (it's behind the rear bumper cover.. also the very first thing to get crushed when one gets even a light love tap since there's nothing between it and the cover, and a replacement requires pairing with the car...) https://electrek.co/2022/05/17/tesla-singled-out-bluetooth-hack-unlock-cars/ randomidiot fucked around with this message at 02:08 on Apr 7, 2023 |
# ? Apr 7, 2023 02:02 |
|
Kafouille posted:You could do that but it's not really any more secure than the old 12v to ignition module, the real way to do it is have a proper cryptographic handshake between the key module and the ECU/doorlock, you can still do that on the bus without compromising any real security. It's not all that hard, and the hardware systems in most current cars are capable of it as the article points out, they just didn't bother because as it is in all computer systems, security is a cost center. You could bury the entire thing somewhere deep in the dash, though - if you have to do a full "replacing AC parts" style teardown to get to the relevant wire, that's at least better. Proper pubkey auth would be nice and all, but as you say that doesn't seem as likely to happen.
|
# ? Apr 7, 2023 02:24 |
|
Safety Dance posted:The article makes a good point though: the headlight is a very attractive target because you can pop the bumper cover clips and get to the CAN network without significant tooling or doing much lasting damage. If the smart key CAN message was cryptographically signed, you'd have to get to the smart key controller. If that was tucked up behind, say, the heater core, the attacker would have to smash the window and disassemble the whole dash to get to it. That would shift the cost/benefit calculation for many thieves. It's likely that it already is signed and the device they purchased contains a legitimate certificate stolen from either corporate or a dealership diagnostic tool. IMHO it is not as challenging to recover the contents of the chip as they make it out to be, it looks more impressive if they present it like this instead of "we can unlock your locked door with the key and flip some nearby switches". They do not have access to an actual RAV4 or the dealership tools with the certs that have diagnostic authority to confirm that no signing is happening. They've also admitted that Toyota's design is competent enough that doing something like attempting to fuzz the devices with garbage would render the car inoperable until it was reset at a dealership, essentially tipping them off every time an attempt is made. I do not know much about Toyota ECUs but virtually everyone else has been using provisioned ECUs for a while now. Hell, we're at the point now where Blackfin DSPs are becoming more widespread in poo poo like synthesizers and samplers because their security provisioning/firmware toolchain is airtight. Stealing one certificate only gets you communication. There's a nesting doll of additional certificates for things like reading/writing editable files on storage and then various parts of the firmware. With the innermost poo poo signed by a key the vendor never has access to. I think they were wise to use the door unlocking as an example, do you see what else they could get to on that side of the gateway? That's right. The loving parking brake. As in, if it wasn't in gear they could then roll it away, or they could attempt to engage it while the vehicle is moving. It's been a long time but when whoever demonstrated the attack on the BMW brake controllers that was a whole shitstorm. E: Also, automotive security has some really stupid rules. They have a lot more leeway than other industries to point at random poo poo and say "trade secret" and slap you down hard. Double Edit: If you're wondering "what next" in terms of securing things, I would look to how Apple is absorbing everything into their SOC. Even the trackpads on Apple Silicon Macbooks are 'stupid' now, the microcontrollers do little more than pass the input values along via SPI. So, if you were to look at the graph of the CAN network from their post, imagine if the gateway was a giant box around everything else. The most an attack like this could try and do would be sending very inconsequential messages like "unlock attempt", all of the decision making happens behind the curtain (where it would be checking other factors) New Zealand can eat me fucked around with this message at 04:37 on Apr 7, 2023 |
# ? Apr 7, 2023 04:16 |
|
https://i.imgur.com/ptSaSpW.mp4 i've also spun out my infiniti but luckily no cops around and didn't curb it. don't try and drift when you're not good at driving.
|
# ? Apr 7, 2023 05:14 |
|
that was a state trooper as well, he's gonna get all the tickets.
|
# ? Apr 7, 2023 12:48 |
|
Blue Footed Booby posted:Guys, if the CIA is after me I'm just gonna loving die. Having a lock requiring nontrivial effort to pick/bypass is still a good loving idea :/ There's a reason no one uses vulnerable tubular locks on poo poo they care the least bit about. evil_bunnY fucked around with this message at 13:13 on Apr 7, 2023 |
# ? Apr 7, 2023 13:09 |
|
LifeSunDeath posted:https://i.imgur.com/ptSaSpW.mp4 i get the impression this guy was already running from the cops and was struggling with "driving" not specifically trying to drift
|
# ? Apr 7, 2023 16:08 |
|
OBAMNA PHONE posted:i get the impression this guy was already running from the cops and was struggling with "driving" not specifically trying to drift Yeah, I don't think the first reaction to loving up like that is hands ready to be handcuffed. He was being chased and cocked it up and then became resigned to his fate.
|
# ? Apr 7, 2023 16:34 |
|
LifeSunDeath posted:https://i.imgur.com/ptSaSpW.mp4 OBAMNA PHONE posted:i get the impression this guy was already running from the cops and was struggling with "driving" not specifically trying to drift He was. Watch it with sound on (right click, copy video address, paste it into a new tab) - sirens were going from the start of the video. He was ordered out of the car almost immediately.
|
# ? Apr 7, 2023 17:31 |
|
cursedshitbox posted:Repeat after me if somebody wants your car bad enough they can just show up with a flatbed.
|
# ? Apr 7, 2023 19:36 |
|
On canbus only one module is *supposed* to send a given message ID on a given bus. Doing otherwise breaks the collision detection and priority sorting built into the protocol. The end result is a lot of people developing for these systems think that way naturally and don't consider that someone absolutely could use spoof their message, and the people designing the hardware for each module, the harness and routing and canbus connection choices (on vehicles with more than one) and the firmware for each module may not even be in the same company let alone on the same team. A lot of those modules get outsourced. For example Teves, Allied Signal, and Bosch make a huge number of the ABS/ETC modules, Bosch makes a substantial number of the ACUs in the world, Motorola/Siemens/Bosch make a large percentage of the ECUs and PCMs, etc. It's extremely likely that literally no one ever looked at all 3 of the facts necessary at once simply because no one had all that info at once. The headlight control EEs spec was "I need a PCB that fits in this enclosure and has a can bus and these physical interfaces", the harness guy just knew he needed to route these wires and this canbus here and there, the 3 different software people only knew what they needed to for their particular module. You can't just put a button on everything because of dirt and dust ingress concerns as well as the ever present cost concerns. Manufacturers don't give a gently caress because like everyone already said, security is a cost center. If it works well enough to ship and sell and not immediately get sued by the feds they're going to ship and sell. Dodge has been shipping hellcats that you can steal if you talk nicely to them for loving years now, and that doesn't even require connecting to the physical wires. KIAs can be stolen with a USB cord and a pair of pliers. I'm just glad they don't have to damage the bodywork to steal these things via the headlight, paint is expensive. Also, while security is nice and all, every single suggestion made here will make using any car that follows those suggestions harder to use aftermarket tuning software on and harder to use as engine swap donors. So consider your choices carefully.
|
# ? Apr 8, 2023 13:44 |
|
Combustion engines' days are numbered (in passenger cars) anyway. EV "tuning" will be fully done in software.
|
# ? Apr 8, 2023 14:13 |
|
Sagebrush posted:Combustion engines' days are numbered (in passenger cars) anyway. EV "tuning" will be fully done in software. There will always be room for gold-plated connectors and special oxygen-free copper wires for improved Everything that applies to audiophiles will eventually apply to EV owners.
|
# ? Apr 8, 2023 14:25 |
|
Deteriorata posted:There will always be room for gold-plated connectors and special oxygen-free copper wires for improved holy poo poo and that space is still wide open now we can get in on the ground floor
|
# ? Apr 8, 2023 14:44 |
|
shame on an IGA posted:holy poo poo and that space is still wide open now we can get in on the ground floor Battery crystal realignment services?
|
# ? Apr 8, 2023 15:03 |
|
Dilithium battery add ons
|
# ? Apr 8, 2023 15:14 |
|
oxygen-free 4/0 AWG silver litz wire HV conductors run through custom carved cocobolo conduits. Client must visit the office several times prior to fabrication for testing and interviews so we can determine the specific strand weaving that best aligns to their chakras.
shame on an IGA fucked around with this message at 15:18 on Apr 8, 2023 |
# ? Apr 8, 2023 15:14 |
|
shame on an IGA posted:holy poo poo and that space is still wide open now we can get in on the ground floor Given how expensive 22kw type 2 cables are, audiophile prices are already here
|
# ? Apr 8, 2023 15:17 |
|
We’ll take apart your battery and replace all the spot welds with silver solder. 😈
|
# ? Apr 8, 2023 20:36 |
|
shame on an IGA posted:oxygen-free 4/0 AWG silver litz wire HV conductors run through custom carved cocobolo conduits. Client must visit the office several times prior to fabrication for testing and interviews so we can determine the specific strand weaving that best aligns to their chakras. Isolated ground conductors with mesh jacket coiled through EM isolating magnets to remove harmful interference that slows motor response.
|
# ? Apr 8, 2023 22:49 |
|
If you take that corner of the market, can I go for the Sick Gaming Mods? Ultra low latency pedal transducers with optical sensing, high refresh rate HUD, yellow window tint that improves your response time, water cooling for both the batteries and onboard computing, programmable RGB lighting on every surface? Cool paint jobs and viewing windows for the HV system? I feel like there's a large market for "gaming nerds who want to style their car like their PC". Far lower profit margins, but probably higher volume.
|
# ? Apr 9, 2023 00:43 |
|
Throttle controllers are a big thing in the ICE world, especially on diesels. Seems they mostly just are intercept devices connected to the throttle pedal connector directly.
|
# ? Apr 9, 2023 00:44 |
|
Deteriorata posted:There will always be room for gold-plated connectors and special oxygen-free copper wires for improved Unlike audiophiles though, we have dynamometers and tracks. Not that that stops idiots who think that 12 hole counterfeit injectors intended for a 2 valve configuration are a huge power upgrade from factory injectors, mind you.
|
# ? Apr 9, 2023 01:00 |
|
kastein posted:Unlike audiophiles though, we have dynamometers and tracks. i mean audiophiles have oscilloscopes and frequency analyzers, too. kastein posted:Not that that stops idiots
|
# ? Apr 9, 2023 01:05 |
|
The acceleration just *feels* warmer, you know, just a little fuller and more rich.
|
# ? Apr 9, 2023 01:08 |
|
|
# ? Jun 1, 2024 21:20 |
|
I prefer an analog oil
|
# ? Apr 9, 2023 01:37 |