[Ovmsdev] A Car Hacking Experiment: When Connectivity Meets Vulnerability

Michael Balzer dexter at expeedo.de
Fri Jun 29 22:39:51 HKT 2018


It's said to be a 128 bit password now. But I'm not sure if it's just that or if the auth scheme has been extended as well.
The controller can implement a challenge/response scheme with custom key algorithms.


On 29.06.2018 at 16:22, Mark Webb-Johnson wrote:
> How are the 2016 cars locked/protected? Just with stronger passcodes?
>
> On 29 Jun 2018, at 10:18 PM, Michael Balzer <dexter at expeedo.de> wrote:
>
>> I have known the paper for a while, missed forwarding it to the list, sorry.
>>
>> On 29.06.2018 at 14:13, Jakob Löw wrote:
>>> - When they describe brute forcing the sevcon access level protections,
>>> is this the new protection in Twizy's >2016? Does this mean using this
>>> one could tune the newer Twizy models?
>> No, they haven't hacked the new model, and they also haven't hacked the old one. The old one is effectively open as its access is granted using the factory
>> default SEVCON passwords that ship with all SEVCON tools. The OVMS ships with these passwords as well, so all they needed to do was switch the module on to
>> access the SEVCON.
>>
>> I haven't asked them why they lied about that, I assume they had that on their agenda and knew it wouldn't be questioned. I've worked in the academic
>> environment for some years, most work in that environment is not based on science but on politics and/or money. I assume this paper was done primarily to
>> sell some sort of CAN encryption technology.
>>
>>> - in Chapter V section B under "Throttle Control" they describe
>>> reconfiguring the pedal behaviour. Could this be used whilst driving to
>>> implement cruise control into the T?
>> Possibly, but I will not do this, and you should not want to use a cruise control system working that way. There is no internal fallback from this
>> modification, the configuration needs to be reverted externally. If something fails on this, you end up driving with a stuck throttle.
>>
>> Regards,
>> Michael
>>
>>> On Fri, 2018-06-29 at 17:14 +0800, Mark Webb-Johnson wrote:
>>>> FYI:
>>>>
>>>> https://www.researchgate.net/publication/286931560_A_Car_Hacking_Experiment_When_Connectivity_Meets_Vulnerability
>>>>
>>>> Interconnected vehicles are a growing commodity providing remote
>>>> access to on-board systems for monitoring and controlling the state
>>>> of the vehicle. Such features are built to facilitate and
>>>> strengthen the owner’s knowledge about its car but at the same time
>>>> they impact its safety and security. Vehicles are not ready to be
>>>> fully connected as various attacks are currently possible against
>>>> their control systems. In this paper, we analyse possible attack
>>>> scenarios on a recently released all-electric car and investigate
>>>> their impact on real life driving scenarios. We leverage our findings
>>>> to change the behaviour of safety critical components of the
>>>> vehicle in order to achieve autonomous driving using an Open
>>>> Vehicle Monitoring System. Furthermore, to demonstrate the potential
>>>> of our setup, we developed a novel mobile application able to control
>>>> such vehicle systems remotely through the Internet. We challenge the
>>>> current state-of-the-art technology in today’s vehicles and provide a
>>>> vulnerability analysis on modern embedded systems.
>>>> _______________________________________________
>>>> OvmsDev mailing list
>>>> OvmsDev at lists.openvehicles.com
>>>> http://lists.openvehicles.com/mailman/listinfo/ovmsdev
>>
>> -- 
>> Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
>> Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
>

-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
