How I Hacked my Car
programmingwithstyle.com
external-link
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless Android Auto/Apple CarPlay, wireless phone charging, heated seats, & a sunroof. One thing I particularly liked about this vehicle was the In-Vehicle Infotainment (IVI) system. As I mentioned before it had wireless Android Auto which seemed to be uncommon in this price range, and it had pretty nice, smooth animations in its menus which told me the CPU/GPU in it wasn’t completely underpowered, or at least the software it was running wasn’t super bloated.

This is so funny, just searching and found the default keys used in examples… This is mainly how all car companies works. Minimum security or fixes.

Ephera
link
fedilink
66M

This is why I’m not particularly excited about hugely interconnected and self-driving cars. This insecure shit stops being funny once it’s accelerating towards you.

The interconnected thing, if you mean the Smart City, that will help a lot as I am working with this stuff, and it’s a lot of information being sent from infrastructure to cars that will help and improve a lot of the traffic.

The self-driving car is still very beta to be used. There are small self-driving busses on very low speed with a lot of sensors, good thing is that Smart City will give this public transport more priority (like on traffic lights) before to private transport.

But at the end as you say, all systems can be hacked and someone with the keys of an ambulance for example can be asking for green light everywhere or with the keys of the infrastructure can fake an emergency on the road and force to stop traffic.

But we are still too far from this, and I think we will first collapse as a society than have this correctly implemented.

Ephera
link
fedilink
16M

Well, I’m not just talking about Smart City. There’s also ideas for cars to exchange information with one another. But even just the fact that new cars will generally be connected to the internet.

Any of these endpoints can potentially be attacked with false information or some exploit to gain deeper access in a car.

But yeah, that’s also kind of what I’m betting on. I cannot imagine car manufacturers actually standardizing on common APIs. Smart Cities, maybe per country, but bureaucracy will slow that down a lot.

I didn’t know about that. But for the Smart City, there is a standard already done very well and with a lot of information about how to deploy it, Europe has its own standard as China and USA has their own. Then business needs to read that LONG and extended documentation to fill the requirements on their messages. And I think here is where we have the issues, business will do the minimum and make bad implementations as always. They just need to make the user feel everything is fine.

They use a Wi-Fi protocol a bit different from your Wi-Fi devices which uses fewer data, goes faster and larger.

azron
link
fedilink
26M

Great three part write up!

Confidentiality Integrity Availability

  • 0 users online
  • 1 user / day
  • 1 user / week
  • 5 users / month
  • 60 users / 6 months
  • 2 subscribers
  • 151 Posts
  • 162 Comments
  • Modlog