I’ve been looking at that Jeep Grand Cherokee hack, the one where they used a U-Connect Internet module plugged into the CAN-Interior bus (the “Internet Gateway” option to the U-Connect system) to brake and steer the car to the side of the road, and checked to see whether it could work on my Jeep Wrangler. Answer: No. There is a central bus firewall, the TIPMCGW, which blocks most messages from going from the low speed CAN-Interior network to the high speed CAN-C integrated engine/brake control network. If you plug into the CAN-D bus (the diagnostic port under the dash) you can pass some more messages, but if something is plugged into that port you’re f*cked anyhow (which is why I’m glad that this port is clearly visible upon entry into my Jeep!).
I guess the question is why the 2011+ Grand Cherokee doesn’t have this central firewall too. But apparently it doesn’t. According to some folks who should know, it appears to pass every message from the CAN-Interior network to the CAN-C network. All I can guess is that the powertrain module was revised for the 2012 Wrangler (because it has a different transmission from the 2011 GC, as well as various other things rearranged to fit the powertrain into the smaller Wrangler engine bay) and the gateway was redesigned at that point to be more secure.
Just goes to show that security via obscurity (the Grand Cherokee’s solution) doesn’t work. All it takes is a CAN bus diagnostic tool to figure out what messages to send, then hack the WiFi module to pass those messages along, and there you are. To make it *really* secure you need to make sure that anything allowing Internet access is firewalled away from the nitty gritty. The Wrangler does that. The Grand Cherokee doesn’t. FAIL.
-Badtux the Security Penguin
Didn’t some journalist or some such person just ‘run off the road’ at 100 mph last year or something? I remember that it was said to be unlikely that he would have ever driven that fast, and it implied some kind of car ‘take over’, but was not proved.
Hacking Cars, it had to come.
Cars with internet security pre-installed along with “AC and whitewalls”.
“hello NSA, where are we off to today?”
“What a world, what a world…..”
w3ski
It wasn’t just any journalist, W3ski, it was Michael Hastings, who did great investigative work on atrocities in the Afghanistan clusterfuckwar. Tux wrote about that episode back in 2013, and something he said put a rest to my scepticism about Hastings’ car having a bomb planted in it. I was suspicious because the engine of Hastings’ Mercedes went flying out forward of the wreckage. Tux pointed out that results like that are SUPPOSED to happen as part of crash-design engineering because it prevents a heavy object like an engine block from going into the passenger compartment, where it will crush the occupants.
http://money.cnn.com/2015/02/09/technology/security/samsung-smart-tv-privacy/
I told Brian and now you: all devices more complicated than a brick should state whether or not they can be externally compromised.
Is there a legitimate reason why the network with the Internet communicates with the internal network?
The dashboard CAN controller is what the entertainment system controls on the steering wheel are attached to. It also controls the dashboard “idiot lights” that are set by the engine controller, so the engine CAN bus must be able to talk to the dashboard CAN bus to set those lights. On the Chrysler cars, the Internet module is controlled from the entertainment system, so it must be attached to the same CAN bus as the entertainment system so it can receive those CAN messages telling it what to do. It also can be used to remote-start the car with an iPhone app, so it needs to be able to talk to the engine CAN bus, but that’s already a given because of the idiot lights.
What is really needed is a separate CAN bus for just the entertainment system and its controls that is completely detached from the engine computer. But marketing demands that we be able to see everything about the car on that stupid big touchscreen on the modern entertainment systems, so good luck with that. Sans that, we need a “firewall” that only allows certain messages to pass from the dashboard CAN bus to the engine CAN bus, which is what they did in my Jeep Wrangler. Unfortunately it appears they didn’t do that on the Jeep Grand Cherokee…
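The post’s description of a central gateway that only lets a handful of messages cross from the low-speed interior bus to CAN-C, and the reply above about a “firewall” that passes only certain messages, can be modelled in a few dozen lines. The block below is an added example, not code from the original post and not anything from Chrysler or the TIPM; every CAN ID, bus name and payload encoding in it is a hypothetical placeholder chosen for illustration (only 0x7DF is a real, standardised OBD-II request ID). It contrasts a per-direction allow-list gateway with one that forwards everything, using constructed traffic that mimics a compromised Internet module injecting brake and steer commands.

```python
# Added example (not from the original post or from Chrysler): a toy model of
# the "central bus firewall" / gateway described above. All CAN IDs except
# 0x7DF are hypothetical placeholders, not real Chrysler message IDs.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class CanFrame:
    arbitration_id: int   # 11-bit standard identifier
    data: bytes           # 0..8 byte payload


# The three buses the post talks about.
CAN_INTERIOR = "CAN-Interior"  # radio, U-Connect/Internet module, dash controls
CAN_C = "CAN-C"                # engine, transmission, ABS/ESC, steering
CAN_D = "CAN-D"                # diagnostic port under the dash

# Hypothetical IDs, assumed for this example only.
ID_IDIOT_LIGHTS = 0x3A0   # engine controller -> dash warning lights
ID_REMOTE_START = 0x1C4   # telematics -> powertrain remote-start request
ID_BRAKE_CMD = 0x0F2      # high-speed bus brake actuation command
ID_STEER_CMD = 0x0F3      # high-speed bus steering assist command
ID_DIAG_REQ = 0x7DF       # ISO 15765-4 functional OBD-II request (real ID)

Rules = Dict[Tuple[str, str], FrozenSet[int]]


class Gateway:
    """Forward a frame from src to dst only if that (src, dst) pair allow-lists its ID."""

    def __init__(self, rules: Rules):
        self.rules = rules
        self.dropped: List[Tuple[str, str, int]] = []

    def forward(self, src: str, dst: str, frame: CanFrame) -> bool:
        # Malformed frames (bad DLC or out-of-range ID) are never forwarded.
        if len(frame.data) > 8 or not 0 <= frame.arbitration_id <= 0x7FF:
            self.dropped.append((src, dst, frame.arbitration_id))
            return False
        if frame.arbitration_id in self.rules.get((src, dst), frozenset()):
            return True
        self.dropped.append((src, dst, frame.arbitration_id))
        return False


# Wrangler-style gateway as the post describes it: per direction, only the
# few messages that genuinely need to cross the boundary are allowed.
FILTERING_RULES: Rules = {
    (CAN_C, CAN_INTERIOR): frozenset({ID_IDIOT_LIGHTS}),
    (CAN_INTERIOR, CAN_C): frozenset({ID_REMOTE_START}),
    (CAN_D, CAN_C): frozenset({ID_DIAG_REQ, ID_REMOTE_START}),  # diag port gets a bit more
}

ALL_IDS = frozenset({ID_IDIOT_LIGHTS, ID_REMOTE_START, ID_BRAKE_CMD, ID_STEER_CMD, ID_DIAG_REQ})


def open_gateway_rules(ids: FrozenSet[int]) -> Rules:
    """A gateway that passes every known ID in every direction: the behaviour
    the post attributes to the Grand Cherokee."""
    buses = (CAN_INTERIOR, CAN_C, CAN_D)
    return {(s, d): ids for s in buses for d in buses if s != d}


# Constructed traffic: what a compromised Internet module on CAN-Interior
# might inject, plus the legitimate messages that must still get through.
INJECTED_FROM_INTERIOR = [
    CanFrame(ID_BRAKE_CMD, bytes([0xFF, 0x00, 0x00, 0x00])),  # "apply brakes" (hypothetical)
    CanFrame(ID_STEER_CMD, bytes([0x7F, 0xFF])),              # "steer hard" (hypothetical)
    CanFrame(ID_REMOTE_START, bytes([0x01])),                 # legitimate remote start
]
FROM_ENGINE = [CanFrame(ID_IDIOT_LIGHTS, bytes([0b0000_0101]))]  # check-engine + oil lights


def simulate(rules: Rules) -> Dict[str, List[int]]:
    """Return which IDs reach CAN-C from the interior bus, which reach the
    interior bus from CAN-C, and which were dropped, under the given rules."""
    gw = Gateway(rules)
    to_c = [f.arbitration_id for f in INJECTED_FROM_INTERIOR
            if gw.forward(CAN_INTERIOR, CAN_C, f)]
    to_interior = [f.arbitration_id for f in FROM_ENGINE
                   if gw.forward(CAN_C, CAN_INTERIOR, f)]
    return {"reached_can_c": to_c,
            "reached_interior": to_interior,
            "dropped": [i for (_, _, i) in gw.dropped]}


if __name__ == "__main__":
    print("filtering gateway:", simulate(FILTERING_RULES))
    print("open gateway:     ", simulate(open_gateway_rules(ALL_IDS)))
```

With the filtering rules the injected brake and steer frames are dropped while the remote-start request and the idiot-light status still cross; with the open rules everything from the interior bus lands on CAN-C. The allow-list is keyed on direction as well as ID, which is the point: the idiot-light message only ever needs to flow engine-to-dash, so there is no reason to accept it from the dash side either.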
I think I’ll keep my Cherokee Chief from the ’80s. Easy to work on and slim chance it can get hacked.
I presume you removed the electronically-controlled carburetor and the rat’s nest of vacuum lines, then. I find that cars from the 80’s are ridiculously hard to work on because they were attempting to use carburetors when the requirements of emissions control clearly called for fuel injection. The underhood was a mess of air pumps, vacuum hoses, and fail. Cars from the late 90’s/early ’00s on the other hand are usually pretty easy to work on. When we do engine swaps into 70’s Jeeps we usually choose something from then, because the fuel injection works so much better than carburetors and the engine/transmission wiring is completely self-contained with the exception of whatever goes to the dashboard (and we simply retain the original dashboard and add new sensors to feed it to replace the ones that went away with the original engine). Once you get past 2005 or so, though, things get complex again thanks to the traction control and ABS requirements.
Oh, why do an engine swap into a 70’s Jeep? Well, AMC engines are starting to get hard to rebuild (the supply of good-quality blocks is dwindling because they’ve all been rebored so many times), carburetors don’t do well on steep slopes, and modern engines have significantly better power and drivability. An AMC 4.2L I6 wasn’t a powerhouse to begin with even before 70’s emissions controls smothered it. Slide in a Chevy 5.3L V8 from the late 90’s and you have significantly better drivability and power as well as better fuel economy due to the fuel injection. You can maybe get that kind of power out of the AMC 360 V8 if you add aftermarket fuel injection and electronic ignition but they’re getting scarce on the ground too…
I’ve worked in the automotive industry for over 30 years, and have been telling everyone who will listen that the ability to hack into a new car’s electronics is far easier than they think. Yes, it isn’t easy to do, but even my daughter, an IT forensics specialist at Amazon, admits her Super Geek peers all laugh about already having done it, and how it is relatively simple to do if you know WTF you’re doing. I totally reject the idea of owning a car that is so ultra-connected as modern cars are now. But then, I also don’t and won’t own a smart phone, so I reckon that makes me a total Neanderthal. OOK!
I wouldn’t say that it’s relatively simple to do. It took Superchips several years to crack the encryption on the 2012 Jeep Wrangler’s engine controller, for example, because Chrysler has made it very difficult to get access to the tool that programs that controller (it is only sold to Chrysler dealers, and is actually controlled by the Mothership via the Internet so even if you get your hands on one you aren’t going to be able to use it without a Chrysler dealership account so that it can talk to the Mothership). I have my suspicions about how Superchips finally managed to do what they did, but I’ll leave that for another day, suffice it to say I suspect they did something illegal under US law. On the other hand, if all you’re doing is inserting and intercepting messages on the CAN bus, yeah, piece of cake. One of my office mates has the tools to do that, they weren’t expensive at all. And since OBDII specifies certain things about CAN bus messages, it’s not even as if you have to work hard at figuring out what the CAN bus messages mean.
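The comment above notes that OBD-II already specifies a good deal about the CAN messages you see on the diagnostic bus, which is why reading them is the easy part. As an added example (not code from the original thread or from any scan-tool vendor), the block below builds a standard mode-01 request and decodes the replies from a few constructed candump-style log lines. The request/response IDs (0x7DF, 0x7E8..0x7EF), the single-frame layout and the PID formulas are the published SAE J1979 / ISO 15765-4 ones; the log lines and the `vcan0` interface name are made up for this example.

```python
# Added example (not from the original thread): decoding standard OBD-II
# mode-01 request/response frames from candump-style log lines. IDs and PID
# formulas are the public SAE J1979 / ISO 15765-4 values; the sample log is
# constructed for this example.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class CanFrame:
    arbitration_id: int
    data: bytes


OBD_FUNCTIONAL_REQUEST = 0x7DF             # "any ECU" request ID
OBD_RESPONSE_RANGE = range(0x7E8, 0x7F0)   # ECU replies use 0x7E8..0x7EF
MODE_CURRENT_DATA = 0x01
POSITIVE_RESPONSE = 0x40                   # response SID = request SID + 0x40

# (name, formula) for a few mode-01 PIDs, per SAE J1979.
PID_DECODERS = {
    0x05: ("coolant_temp_c", lambda d: d[0] - 40),
    0x0C: ("engine_rpm", lambda d: (256 * d[0] + d[1]) / 4),
    0x0D: ("vehicle_speed_kmh", lambda d: d[0]),
    0x11: ("throttle_pct", lambda d: round(d[0] * 100 / 255, 1)),
}


def build_request(pid: int, mode: int = MODE_CURRENT_DATA) -> CanFrame:
    """ISO-TP single frame: [length, mode, pid] padded to 8 bytes."""
    return CanFrame(OBD_FUNCTIONAL_REQUEST, bytes([0x02, mode, pid]) + bytes(5))


def parse_candump_line(line: str) -> CanFrame:
    """Parse one line in candump's default format, e.g.
       '  vcan0  7E8   [8]  04 41 0C 1A F8 00 00 00'."""
    parts = line.split()
    can_id = int(parts[1], 16)
    dlc = int(parts[2].strip("[]"))
    data = bytes(int(b, 16) for b in parts[3:3 + dlc])
    if len(data) != dlc:
        raise ValueError(f"DLC {dlc} but {len(data)} data bytes in: {line!r}")
    return CanFrame(can_id, data)


def decode_response(frame: CanFrame) -> Optional[Tuple[str, float]]:
    """Return (name, value) for a known mode-01 positive response, else None.
    Negative responses (SID 0x7F), other IDs and truncated payloads give None."""
    if frame.arbitration_id not in OBD_RESPONSE_RANGE or len(frame.data) < 3:
        return None
    length, sid, pid = frame.data[0], frame.data[1], frame.data[2]
    if sid != MODE_CURRENT_DATA + POSITIVE_RESPONSE or pid not in PID_DECODERS:
        return None
    payload = frame.data[3:1 + length]   # length counts sid + pid + data bytes
    name, formula = PID_DECODERS[pid]
    try:
        return name, formula(payload)
    except IndexError:
        return None                       # fewer data bytes than the PID needs


# Constructed sample: two request/response pairs, two unsolicited replies,
# one unrelated frame and one UDS negative response (0x7F, NRC 0x12).
SAMPLE_LOG = """\
  vcan0  7DF   [8]  02 01 0C 00 00 00 00 00
  vcan0  7E8   [8]  04 41 0C 1A F8 00 00 00
  vcan0  7DF   [8]  02 01 0D 00 00 00 00 00
  vcan0  7E8   [8]  03 41 0D 3C 00 00 00 00
  vcan0  7E8   [8]  03 41 05 5A 00 00 00 00
  vcan0  7E8   [8]  03 41 11 80 00 00 00 00
  vcan0  3A0   [2]  05 00
  vcan0  7E8   [8]  03 7F 01 12 00 00 00 00
"""


def decode_log(text: str) -> Dict[str, float]:
    """Decode every recognisable mode-01 response in a candump-style log."""
    out: Dict[str, float] = {}
    for line in text.splitlines():
        if line.strip():
            result = decode_response(parse_candump_line(line))
            if result:
                out[result[0]] = result[1]
    return out


if __name__ == "__main__":
    print(build_request(0x0C))
    print(decode_log(SAMPLE_LOG))
```

Note that only the diagnostic request/response traffic is standardised this way; the proprietary broadcast messages on the same bus (like the `3A0` frame the decoder ignores) still have to be reverse-engineered by the "change something and watch what moves" method the other comments describe.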
10-4 to all that… I reckon when the Super Geeks were saying ‘simple’ they meant FOR THEM, heh heh heh. My current auto client is mega-heavy into the whole ‘wired car’ thingie, but even they are quietly but feverishly trying to resolve these outside interference issues. I’m told the wired car phenomenon caught almost all carmakers flat-footed with regards to hackability, as no one seriously thought it would be a big deal, just giving the pampered car owners every convenience they could slap onto four wheels. Of course, it is a big deal now.
I had so much fun listening in to Vehicle ECM data streams as a tech. It was really the best part of the job. Introduce a change here or there and watch for a response. Checking signals to actuators and from inputs.
It was “thought challenging” and that was fun.
I had a buddy with a laptop program that would read all the different manufacturers’ programs. Graph the data or whatever was better for the task at hand. Big screen too, not like the handheld scanners.
The one part of being a mechanic that I do miss.
w3ski