How Those Hackers Took Complete Control of That Jeep

It was an overcast day with temperatures in the mid seventies – a perfect day to take your brand new Jeep Cherokee for a nice relaxing drive. You and your partner buckle in and find yourselves merging onto the freeway just a few minutes later.  You take in the new car smell as your partner fiddles with the central touch screen display.

“See if it has XM radio,” you ask as you play with the headlight controls.

Seconds later, a Taylor Swift song begins to play. You both sing along as the windows come down. “Life doesn’t get much better than this,” you think. Unfortunately, the fun would be short lived. It started with the windshield wipers coming on – the dry rubber-on-glass making a horrible screeching sound.

“Hey, what are you doing!”

“I didn’t do it….”

You verify the windshield wiper switch is in the OFF position. You switch it on and off a few times, but it has no effect. All of the sudden, the radio shuts off. An image of a skull and wrenches logo appears on the touchscreen. Rick Astley’s “Never Gonna Give You Up” begins blaring out of the speakers, and the four doors lock in perfect synchronization. The AC fans come on at max settings while at the same time, you feel the seat getting warmer as they too are set to max. The engine shuts off and the vehicle shifts into neutral. You hit the gas pedal, but nothing happens. Your brand new Jeep rolls to a halt on the side of the freeway, completely out of your control.

Sound like something out of a Hollywood movie? Think again.

[Charlie Miller], a security engineer for Twitter and [Chris Valasek], director for vehicle safety research at IOActive, were able to hack into a 2014 Jeep Cherokee via its wireless on-board entertainment system from their basement. A feature called UConnect, which allows the vehicle to connect to the internet via a cellular connection, has one of those things you might have heard of before – an IP address. Once the two hackers had this address, they had the ‘digital keys’ to the Jeep. From there, [Charlie] and [Chris] began to tinker with the various firmwares until they were able to gain access to the vehicle’s CAN bus. This gives them the ability to control many of the car’s functions, including (under the right conditions) the ability to kill the brakes and turn the steering wheel. You probably already have heard about the huge recall Chrysler issued in response to this vulnerability.

But up until this weekend we didn’t know exactly how it was done. [Charlie] and [Chris] documented their exploit in a 90 page white paper (PDF) and spoke at length during their DEF CON talk in Las Vegas. That video was just published last night and is embedded below. Take look and you’ll realize how much work they did to make all this happen. Pretty amazing.

Continue reading “How Those Hackers Took Complete Control of That Jeep”

Instrument Cluster Clock Gets The Show On The Road

While driving around one day, [Esko] noticed that the numbers and dials on a speedometer would be a pretty great medium for a clock build. This was his first project using a microcontroller, and with no time to lose he got his hands on the instrument cluster from a Fiat and used it to make a very unique timepiece.

The instrument cluster he chose was from a diesel Fiat Stilo, which [Esko] chose because the tachometer on the diesel version suited his timekeeping needs almost exactly. The speedometer measures almost all the way to 240 kph which works well for a 24-hour clock too. With the major part sourced, he found an Arduino clone and hit the road (figuratively speaking). A major focus of this project was getting the CAN bus signals sorted out. It helped that the Arduino clone he found had this functionality built-in (and ended up being cheaper than a real Arduino and shield) but he still had quite a bit of difficulty figuring out all of the signals.

In the end he got everything working, using a built-in servo motor in the cluster to make a “ticking” sound for seconds, and using the fuel gauge to keep track of the minutes. [Esko] also donated it to a local car museum when he finished so that others can enjoy this unique timepiece. Be sure to check out the video below to see this clock in action, and if you’re looking for other uses for instrument clusters that you might have lying around, be sure to check out this cluster used for video games.

The mechanics in dashboards are awesome, and produced at scale. That’s why our own [Adam Fabio] is able to get a hold of that type of hardware for his Analog Gauge Stepper kit. He simply adds a 3D printed needle, and a PCB to make interfacing easy.

Continue reading “Instrument Cluster Clock Gets The Show On The Road”

A Real Dash For A Truck Simulator

[Leon] plays Euro Truck Simulator 2, and like any good simulator, there are people out there building consoles, cockpits, and dashboards. In [Leon]’s case, he wanted a dashboard for his virtual trucks and cobbled one together out of a dash taken from a VW Polo.

This project was inspired by [Silas Parker] and his Arduino-based dashboard made out of a cardboard box, some servos, and a few LEDs. It worked, but [Leon] realized just about every dashboard made in the last decade or so has a CAN bus. You can just buy a CAN bus shield for an Arduino, and a dashboard can be easily found at any junkyard.

Right now, [Leon] is in the process of finding the CAN bus addresses of the relavent dials and LEDs on the dashboard. He found the tachometer at 0x280, and a bunch of indicator lights can be found at 0x470. Combined with a standard computer steering wheel and the telemetry SDK for Euro Truck Simulator 2, [Leon] has the beginnings of a virtual big rig on his desk.

Speaking CAN With Open Source Hardware

You can buy a dongle with a weird industrial connector that fits under the dash of any car on the road for $15. This is just a simple ODB-II transceiver meant for reading error codes and turning a Crown Vic into a police interceptor. There’s a lot more to the CAN Bus than OBD-II; robots and industrial control units, for instance, and Hackaday alum [Eric] has developed an open source tool for all things CAN.

[Eric] built this tool because of a lac of open-source tools that can talk CAN. There are plenty of boards floating around that can reset codes in a car using OBD-II, but an open hardware CAN device doesn’t really exist.

The CANtact is a small board outfitted with a USB port on one end, a DE-9 port on the other, and enough electronics to talk to any CAN device. The hardware on the CANtact is an STM32F0 – an ARM Cortex M0 that comes with USB and CAN interfaces. This chip connects to a Microchip CAN transceiver, and that’s pretty much all you need to talk to cars and industrial automation equipment. If doing something legal, moral, or safe with the CAN bus in your car isn’t your thing, Wired reports you can digitally cut someone’s brake lines.

On the software side of things, the CANtact can interface with Wireshark and the CANard Python library. All the files, from hardware to software, are available on the Github. Oh, CANtact was at Black Hat Asia, which means [Eric] was at Black Hat Asia. We should have sent stickers with him.

A Geiger Counter for an Off-Road Apocalypse Vehicle


If the world comes to an end, it’s good to be prepared. And let’s say that the apocalypse is triggered by a series of nuclear explosions. If that is the case, then having a Geiger counter is a must, plus having a nice transport vehicle would be helpful too. So [Kristian] combined the two ideas and created his own Geiger counter for automotive use just on the off chance that he might need it one day.

It all started with a homemade counter that was fashioned together. Then a display module with a built-in graphics controller that was implemented to show all kinds of information in the vehicle. This was done using a couple of optocouplers as inputs. In addition, a CAN bus interface was put in place. As an earlier post suggests, the display circuit was based on a Microchip 18F4680 microcontroller. After that, things kind of got a little out of control and the counter evolved into more of a mobile communications center; mostly just because [Kristian] wanted to learn how those systems worked. Sounds like a fun learning experience! Later the CPU and gauge was redesigned to use low-quiescent regulators. A filtering board was also made that could kill transients and noise if needed.

The full project can be seen on [Kristian]’s blog.

GEVCU – an Open Generalized Electric Vehicle Control Unit

At Hackaday we’re very happy to see the increasing number of open hardware devices that appear everyday on the internet, and we’re also quite thrilled about open-source electric cars. Pictured above is the GEVCU, an open source electric vehicle control unit (or ECU). It is in charge of processing different inputs (throttle position, brake pressure, vehicle sensors) then send the appropriate control commands to electric motor controllers (aka inverters) via CAN bus messages or digital / PWM signals.

The project started back in December 2012 and was originally based on an Arduino Due. Since then, the GEVCU went through several revisions and ultimately a complete custom board was produced, while still keeping the Cortex M3 ATSAM3X8E from the Due. As you may have guessed, the board also includes a Wifi transceiver so users may adjust the ECU parameters via a web based platform. All resources may be downloaded from the official GitHub.

Defcon presenters preview hack that takes Prius out of driver’s control


This one’s a treasure trove of CAN bus hacks that will scare the crap out of an unsuspecting driver — or worse. [Charlie Miller] and [Chris Valasek] are getting ready to present their findings, which were underwritten by DARPA, at this year’s Defcon. They gave a Forbes reporter a turn in the driver’s seat in order to show off.

You’ve got to see the video on this one. We haven’t had this much fun looking at potentially deadly car hacking since Waterloo Labs decided to go surfing on an Olds. The hacks shown off start as seemingly innocent data tweaks, like misrepresenting your fuel level or displaying 199 mph on the speedometer while the car is standing still. But things start to get interesting when they take that speed readout from 199 down to zero instantly, which has the effect of telling the car you’ve been in a crash (don’t worry, the airbags don’t fire). Other devilish tricks include yanking the steering wheel to one side by issuing a command telling the car to park itself when driving down the road. Worst of all is the ability to disable the brakes while the vehicle is in motion. Oh the pedal still moves, but the brake calipers don’t respond.

The purpose of the work is to highlight areas where auto manufacturers need to tighten up security. It certainly gives us an idea of what we’ll see in the next Bond film.

Continue reading “Defcon presenters preview hack that takes Prius out of driver’s control”