I have known the paper for a while, missed forwarding it to the list, sorry.

Am 29.06.2018 um 14:13 schrieb Jakob Löw:
- When they describe brute forcing the sevcon access level protections,
is this the new protection in Twizy's >2016? Does this mean using this
one could tune the newer Twizy models?
No, they haven't hacked the new model, and they also haven't hacked the old one. The old one is effectively open as it's access is granted using the factory default SEVCON passwords that ship with all SEVCON tools. The OVMS ships with these passwords as well, so all they needed to do was switch the module on to access the SEVCON.

I haven't asked them why they lied about that, I assume they had that on their agenda and knew it wouldn't be questioned. I've worked in the academic environment for some years, most work in that environment is not based on science but on politics and/or money. I assume this paper was done primarily to sell some sort of CAN encryption technology.

- in Chapter V section B under "Throttle Control" they describe
reconfiguring the pedal behaviour. Could this be used whilst driving to
implement cruise control into the T?
Possibly, but I will not do this, and you should not want to use a cruise control system working that way. There is no internal fallback from this modification, the configuration needs to be reverted externally. If something fails on this, you end up driving with a stuck throttle.

Regards,
Michael

On Fri, 2018-06-29 at 17:14 +0800, Mark Webb-Johnson wrote:

FYI:

https://www.researchgate.net/publication/286931560_A_Car_Hacking_Expe
riment_When_Connectivity_Meets_Vulnerability

Interconnected vehicles are a growing commodity providing remote
access to on-board sys- tems for monitoring and controlling the state
of the ve- hicle. Such features are built to facilitate and
strengthen the owner’s knowledge about its car but at the same time
they impact its safety and security. Vehicles are not ready to be
fully connected as various attacks are currently possible against
their control systems. In this paper, we analyse possible attack
scenarios on a recently released all-electric car and investigate
their impact on real life driving scenarios. We leverage our findings
to change the behaviour of safety critical com- ponents of the
vehicle in order to achieve autonomous driving using an Open
Vehicle Monitoring System. Furthermore, to demonstrate the potential
of our setup, we developed a novel mobile application able to control
such vehicle systems remotely through the Internet. We challenge the
current state-of-the-art technology in today’s vehicles and provide a
vulnerability analysis on modern embedded systems.
_______________________________________________
OvmsDev mailing list
OvmsDev@lists.openvehicles.com
http://lists.openvehicles.com/mailman/listinfo/ovmsdev


_______________________________________________
OvmsDev mailing list
OvmsDev@lists.openvehicles.com
http://lists.openvehicles.com/mailman/listinfo/ovmsdev


-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26