[Ovmsdev] A Car Hacking Experiment: When Connectivity Meets Vulnerability

Michael Balzer dexter at expeedo.de
Fri Jun 29 22:18:38 HKT 2018

I have known the paper for a while, missed forwarding it to the list, sorry.

Am 29.06.2018 um 14:13 schrieb Jakob Löw:
> - When they describe brute forcing the sevcon access level protections,
> is this the new protection in Twizy's >2016? Does this mean using this
> one could tune the newer Twizy models?
No, they haven't hacked the new model, and they also haven't hacked the old one. The old one is effectively open as it's access is granted using the factory
default SEVCON passwords that ship with all SEVCON tools. The OVMS ships with these passwords as well, so all they needed to do was switch the module on to
access the SEVCON.

I haven't asked them why they lied about that, I assume they had that on their agenda and knew it wouldn't be questioned. I've worked in the academic
environment for some years, most work in that environment is not based on science but on politics and/or money. I assume this paper was done primarily to sell
some sort of CAN encryption technology.

> - in Chapter V section B under "Throttle Control" they describe
> reconfiguring the pedal behaviour. Could this be used whilst driving to
> implement cruise control into the T?
Possibly, but I will not do this, and you should not want to use a cruise control system working that way. There is no internal fallback from this modification,
the configuration needs to be reverted externally. If something fails on this, you end up driving with a stuck throttle.


> On Fri, 2018-06-29 at 17:14 +0800, Mark Webb-Johnson wrote:
>> FYI:
>> https://www.researchgate.net/publication/286931560_A_Car_Hacking_Expe
>> riment_When_Connectivity_Meets_Vulnerability
>> Interconnected vehicles are a growing commodity providing remote
>> access to on-board sys- tems for monitoring and controlling the state
>> of the ve- hicle. Such features are built to facilitate and
>> strengthen the owner’s knowledge about its car but at the same time
>> they impact its safety and security. Vehicles are not ready to be
>> fully connected as various attacks are currently possible against
>> their control systems. In this paper, we analyse possible attack
>> scenarios on a recently released all-electric car and investigate
>> their impact on real life driving scenarios. We leverage our findings
>> to change the behaviour of safety critical com- ponents of the
>> vehicle in order to achieve autonomous driving using an Open
>> Vehicle Monitoring System. Furthermore, to demonstrate the potential
>> of our setup, we developed a novel mobile application able to control
>> such vehicle systems remotely through the Internet. We challenge the
>> current state-of-the-art technology in today’s vehicles and provide a
>> vulnerability analysis on modern embedded systems.
>> _______________________________________________
>> OvmsDev mailing list
>> OvmsDev at lists.openvehicles.com
>> http://lists.openvehicles.com/mailman/listinfo/ovmsdev
>> _______________________________________________
>> OvmsDev mailing list
>> OvmsDev at lists.openvehicles.com
>> http://lists.openvehicles.com/mailman/listinfo/ovmsdev

Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20180629/c4b68148/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20180629/c4b68148/attachment-0002.sig>

More information about the OvmsDev mailing list