The Year of the Car Hacks

With the summer’s big security conferences over, now is a good time to take a look back on automotive security. With talks about attacks on Chrysler, GM and Tesla, and a whole new Car Hacking village at DEF CON, it’s becoming clear that autosec is a theme that isn’t going away.

Up until this year, the main theme of autosec has been the in-vehicle network. This is the connection between the controllers that run your engine, pulse your anti-lock brakes, fire your airbags, and play your tunes. In most vehicles, they communicate over a protocol called Controller Area Network (CAN).

An early paper on this research [PDF] was published back in 2010 by The Center for Automotive Embedded Systems Security, a joint research effort between University of California San Diego and the University of Washington. They showed a number of vulnerabilities that could be exploited with physical access to a vehicle’s networks.

A number of talks were given on in-vehicle network security, which revealed a common theme: access to the internal network gives control of the vehicle. We even had a series about it here on Hackaday.

The response from the automotive industry was a collective “yeah, we already knew that.” These networks were never designed to be secure, but focused on providing reliable, real-time data transfer between controllers. With data transfer as the main design goal, it was inevitable there would be a few interesting exploits.


How Those Hackers Took Complete Control of That Jeep

It was an overcast day with temperatures in the mid seventies – a perfect day to take your brand new Jeep Cherokee for a nice relaxing drive. You and your partner buckle in and find yourselves merging onto the freeway just a few minutes later. You take in the new car smell as your partner fiddles with the central touch screen display.

“See if it has XM radio,” you ask as you play with the headlight controls.

Seconds later, a Taylor Swift song begins to play. You both sing along as the windows come down. “Life doesn’t get much better than this,” you think. Unfortunately, the fun would be short lived. It started with the windshield wipers coming on – the dry rubber-on-glass making a horrible screeching sound.

“Hey, what are you doing!”

“I didn’t do it….”

You verify the windshield wiper switch is in the OFF position. You switch it on and off a few times, but it has no effect. All of a sudden, the radio shuts off. An image of a skull and wrenches logo appears on the touchscreen. Rick Astley’s “Never Gonna Give You Up” begins blaring out of the speakers, and the four doors lock in perfect synchronization. The AC fans come on at max settings while at the same time, you feel the seats getting warmer as they too are set to max. The engine shuts off and the vehicle shifts into neutral. You hit the gas pedal, but nothing happens. Your brand new Jeep rolls to a halt on the side of the freeway, completely out of your control.

Sound like something out of a Hollywood movie? Think again.

[Charlie Miller], a security engineer for Twitter, and [Chris Valasek], director for vehicle safety research at IOActive, were able to hack into a 2014 Jeep Cherokee via its wireless on-board entertainment system from their basement. A feature called UConnect, which allows the vehicle to connect to the internet via a cellular connection, has one of those things you might have heard of before – an IP address. Once the two hackers had this address, they had the ‘digital keys’ to the Jeep. From there, [Charlie] and [Chris] began to tinker with the various firmwares until they were able to gain access to the vehicle’s CAN bus. This gave them the ability to control many of the car’s functions, including (under the right conditions) the ability to kill the brakes and turn the steering wheel. You have probably already heard about the huge recall Chrysler issued in response to this vulnerability.

But up until this weekend we didn’t know exactly how it was done. [Charlie] and [Chris] documented their exploit in a 90-page white paper (PDF) and spoke at length during their DEF CON talk in Las Vegas. That video was just published last night and is embedded below. Take a look and you’ll realize how much work they did to make all this happen. Pretty amazing.


Stealth Bluetooth Stereo: It’s a Jeep Thing


[Feueru] wanted to update the sound system in his 1998 Jeep Wrangler. The problem is that soft top Jeeps are notorious for radio theft. His solution was to build his own stealth Bluetooth stereo. The music comes from his Nexus 5 via Bluetooth. A Fusion MS-BT 100 waterproof Bluetooth receiver picks up the tunes. From there the signal is passed through the one external control, a line level volume knob. A “BMWx-43 300 Watt” amplifier provides the power to drive the Jeep’s speakers. We’re a bit dubious about the 300 Watt rating, as well as the “Only from the mind of a German” catch phrase. Hey, at least the real BMW didn’t have the amplifiers destroyed at the US port due to trademark issues.

[Feueru] used a standard DIN radio install kit for his Jeep. In place of a headunit, he glued an ABS plastic sheet. The ABS provided a good place to mount his volume control. That volume knob was a bit lonely, so [Feueru] added “Plan B”, his winch controls. The final result looks… well, it looks like a single knob, which is exactly what [Feueru] was going for. Any would-be car radio thief would pass this right by. The only thing missing is an actual FM receiver. Sure, there is a bit of loss when using a Bluetooth audio path. However, this is a soft top Jeep with stock speakers, so it’s really not noticeable to [Feueru].

[via reddit]

A Jeep-Mounted FLIR Camera


[Eddie Zarick] is at it again, modding his Jeep Wrangler into something that makes us all properly jealous. This time, he managed to acquire and mount the FLIR camera from an old Cadillac. It truly is an FLIR thermal imaging camera, and not just a near-infrared hack. Cadillac used this technology with a HUD, but [Eddie] decided to connect it to his in-dash screen. He also didn’t settle for simply facing it forward, but mounted it to a Golight searchlight base. He mounted the joysticks under the screen, giving him directional control.

[Eddie] spent about $500 on the project, which seems like a lot, but not when you consider the cost of a new FLIR camera. We would love to know where he found such a great deal! Maybe he hit up a local salvage yard? If you know of a good source for parts like this, let us know in the comments!

Previously we covered [Eddie’s] pressurized water tap, weatherproof keypad entry, and other assorted hacks. We look forward to seeing what he adds to his Jeep next.


Jeep dashboard display turned into a desk clock


This display is easily recognizable by the buttons and the outline of a vehicle to the left. It’s a Vehicle Information Center (VIC) from a Jeep Grand Cherokee. [Florlayamp] discovered a row of the vehicles in a junkyard, all with the displays still intact. He grabbed one and turned the VIC into a desk clock. What would you pay for such a fine piece of used electronic hardware? How about six bucks? Yeah!

Getting it running couldn’t be simpler. It’s all set up to be programmed and run on its own. A bit of searching around turned up a schematic to figure out which wires are for power. It took some time to figure it out, but the thing draws about 2A so finding a worthy wall wart was a must.

Now that he was sure it would work, [Florlayamp] started on the case build. It’s poplar with quarter round to frame the display. On the back you’ll find a single rocker switch.

Usually we see the opposite of this, adding displays to the dashboard instead of salvaging them.


Packing a Jeep Wrangler full of hacks

Picking just one image to show off all of the hacks done on this Jeep Wrangler is a tough order. We decided to go with this custom ceiling console as it features the most work done in a confined area.

Give the video walk-around a bit of time before you decide it’s not for you. [Eddie Zarick] spends the first moments touting his “Oakley” branding of the vehicle in decals, emblems, embroidered seats, zipper pulls, and more. But after that you’ll get a look at the pressurized water system we previously saw. Pull open the back gate and there’s a nice cargo cover he built that includes a cubby hole which stores the soft sides when he wants to take the top off. There are several other interesting touches, like the police radar spoofer that he uses to scare the crap out of speeders. Ha!

The ceiling console we mentioned earlier was completely custom-built. It includes a CB, scanner, HAM, and seven-inch Android tablet. There is also a set of push buttons which control the various bells and whistles; well, spotlights and inverter actually. Just add a commode and he’s ready to live out of his car.


Jeep Wrangler gets pressurized water right out of the bumper

[Ed] got pretty creative with a hack that adds a pressurized water tap to his Jeep Wrangler. The tap on the rear passenger bumper now lets him hose off the vehicle after mudding, rinse his SCUBA gear after a dive, and just generally comes in handy.

If you want running water you’ve got to have a place to put it. This is actually what sparked the idea for the project. [Ed] noticed that the bumper was hollow and had some drain holes on the bottom. After plugging those and adding a fill hole to the top he found that he had a reservoir for about seven gallons. To get the water out he added a pump designed to be used on an RV. It’s got features that make it work perfectly for this application: it runs off of battery voltage, it will turn on and off automatically when the tap is opened based on water pressure, and it will shut itself off if the reservoir runs dry. He designed a bezel to give the spigot a professional look. Just out of frame in the image above is an attachment for pressurized air. His next planned project for the Jeep is to add an air compressor.

After the break you can see a demo of the installed system, as well as a water pump test.
