  • Locked thread
Galler
Jan 28, 2008


Went to the BlackHat talk on that today. It was pretty interesting. Nowhere near enough time to go into a lot of detail, but the white paper (90+ pages) will be released on Monday for those that want all the details.

The network change Sprint made a week or two back eliminated the ability to access the cars over the cellular network in that way. Unpatched cars are probably still accessible over WiFi, but that would require someone to have actually paid for the hotspot feature. The WiFi uses WPA2 and the default password is strong enough, but the initial password-generating code was reverse engineered and in most cases there will only be a few dozen password options. The current time is the only variable/unknown in the algorithm, but the car likely doesn't know the time when it first boots and generates the password, so it just uses a default time (Jan 1 2013 if I remember) and starts counting up from there. So basically take that date plus about 30 seconds and plug it into the algorithm.

The update filters the various ports. No idea if they actually fixed the ability to run arbitrary commands and code on the head unit (doubt it) or did anything about the V850 chip's (which is accessible from the head unit and talks on the CAN bus) firmware not being signed or secured in any way.
