CAN Hacking: Introductions


We’re introducing a new series on CAN and automotive hacking. First, we’ll introduce CAN and discuss how in-vehicle networks work.

In 1986, Bosch introduced the Controller Area Network protocol. It was designed specifically for in-vehicle networks between automotive controllers. CAN became a popular option for networking controllers in automotive, industrial, and robotics applications. Starting in 2008, all vehicles sold in the US must use CAN.

Modern vehicles are distributed control systems, with controllers designed to handle specific tasks. For example, a door control module would take care of locks and windows. CAN allows these controllers to communicate. It also allows for external systems to perform diagnostic tasks by connecting to the in-vehicle network.

Some examples of CAN communication in a vehicle include:

  • The engine control module sending the current engine speed to the instrument cluster, where it is displayed on a tachometer.
  • The driver’s door controller sending a message to another door controller to actuate the window.
  • A firmware upgrade for a controller, sent from a diagnostics tool.

CAN is usually used with little or no security, except for the obscurity of the communications. We can use CAN-to-USB interfaces to listen to the traffic, and then decode it. We can also use these tools to send forged messages, or to perform diagnostic actions. Unfortunately, most of the tools for dealing with CAN are proprietary and very expensive. The diagnostics protocols are standards, but not open ones: they must be purchased from the International Organization for Standardization.

Next time, we’ll get into the structure of CAN frames, and how traffic is encoded on the bus.

 [Image via Wikipedia]


DEF CON: Hacking Hardware and Cars


The first full day of DEF CON was packed with hacking hardware and cars. I got to learn about why your car is less secure than you might think, pick some locks, and find out that there are electronic DEF CON badges after all. Keep reading for all the details.


Relighting a gauge cluster

When a few lights in the dashboard of [Garrett]’s truck burned out, he was looking at a hefty repair bill. The repair shop would have to replace the huge PCB to change a few soldered light bulbs, so he was looking at a $500 repair bill. Lighting up an LED is everyone’s first project, so [Garrett] decided to change out the bulbs with LEDs and save a few dollars.

The repair was very simple – after removing the dials and needles, [Garrett] found a huge PCB with a few burnt out bulbs on board. He took a multimeter to each bulb’s solder pad and replaced each one with an LED and resistor. The finished project looks like it came out of a factory and is a huge improvement over the ugly amber bulbs originally found in his truck. [Garrett] also posted a nice Instructable of his build showing the nicely soldered lamp replacements.

DIY wiper speed control and collision avoidance


On many new cars, automatic wiper speed control can be had as an upgrade, though most cars do not offer front-end collision prevention at all. [Rishi Hora] and [Diwakar Labh], students at the Guru Tegh Bahadur Institute of Technology in New Delhi, developed their own version of these features (PDF warning, skip to page 20), which they entered into last year’s Texas Instruments Analog Design Contest. Under the guidance of professors [Gurmeet Singh] and [Pawan Kumar], the pair built the systems using easily obtainable parts, including, of course, an MSP430 microcontroller from TI.

The collision prevention system uses a laser emitter and an optical detector to estimate the distance between your car and the vehicle in front of you, sounding an alarm if you are getting too close. In a somewhat similar fashion, the wiper speed control system uses an IR emitter and detector pair to estimate the amount of water built up on the windshield, triggering the wipers when necessary.

While not groundbreaking, the systems would be quite handy during monsoon season in India, and seem easy enough to install in an older vehicle. The only thing we’re not so sure about is pointing lasers at cars in traffic, but there are quite a few available alternatives that can be used to measure distance.

Continue reading to see a video walkthrough and demonstration of both systems.


Researchers discover that cars can be hacked with music


In 2009, [Dr. Stefan Savage] and his fellow researchers published a paper describing how they were able to take control of a car’s computer system by tapping into the CAN Bus via the OBD port. Not satisfied with having to possess physical access to a car in order to hack the computer system, they continued probing away, and found quite a few more attack vectors.

Some of the vulnerabilities seem to be pretty obvious candidates for hacking. The researchers found a way to attack the Bluetooth system in certain vehicles, as well as cellular network systems in others. Injecting malicious software into the diagnostic tools used at automotive repair shops was quite effective as well. The most interesting vulnerability they located, however, was pretty unexpected.

The researchers found that some car entertainment systems were susceptible to specially-crafted MP3 files. The infected songs allowed them to inject malicious code into the system when burned to a CD and played. While this sort of virus could spread fairly easily with the popularity of P2P file sharing, it would likely be pretty useless at present.

The researchers say that while they found lots of ways in which it was possible to break into a car’s computer system, the attacks are difficult to pull off, and the likelihood that they would occur in the near future is pretty slim.

It does give food for thought, however. As disparate vehicle systems become more integrated and cars become more connected via wireless technologies, who knows what will be possible? We just hope to never see the day where we are offered an anti-malware subscription with a new car purchase – at that point, we’ll just ride our bike, thanks.

[Picture courtesy of Autoblog]

Automotive current monitor

If you’ve ever had a car with an electrical system problem, you know how hard it can be to pinpoint the source of your woes. Here’s a hackery solution that uses a DIY PCB to monitor the current being drawn off of the alternator. The sensing is provided by an Allegro ACS758 integrated circuit. This chip measures current up to 150A and outputs an analog signal that can be measured by a microcontroller. In this case, an AVR ATmega8 measures the signal and spits the info back to a PC via the serial port. This data can be graphed to help locate when too much current is being drawn for the battery to remain charged.

Check out that CNC milled PCB, what a beauty!

[Thanks Joshua via Elektronika]

OBD-II Automotive data logging


[Avi Aisenberg] sent us his final project for ECE 4760. His team built an OBD-II data interface. Even though OBD-II is an industry standard, each manufacturer has implemented it differently. This is where this project shines. They have built it to be capable of talking to any of them. Not only that, but it has a nice backlit LCD screen for diagnosing issues without having to go back to your computer and download the data. If you really don’t need all the bells and whistles, you can make one for roughly $15. They even have an OBD-II app for the iPhone.
