These days the dozen or so ECUs in an average car are joined by an infotainment system of some type, which are typically a large touch screen on the dashboard (the headunit) and possibly a couple of auxiliary units for the rear seats. These infotainment systems run anything from QNX to (Yocto) Linux or more commonly these days some version of Android. As [Eric McDonald] discovered with his 2021 Honda Civic, its headunit runs an archaic Android dating back to roughly 2012.
While this offers intriguing options with gaining root access via decade-old exploits that the car manufacturer never fixed, as [Eric] notes, this is an advantage that anyone who can gain access to the car’s CAN buses via e.g. the headlights, a wireless access point, or even inject an exploit via ADB radio can use to their advantage. Essentially, these infotainment systems are massive attack surfaces with all of their wired and wireless interfaces, combined with outdated software that you as the vehicle owner are forbidden to meddle with by the manufacturer.
Naturally taking this ‘no’ as a challenge as any civilized citizen would, [Eric] set out to not only root the glorified Android tablet that Honda seeks to pass off as a ‘modern infotainment system’, but also reverse-engineer the system as far as possible and documenting the findings on GitHub. As [Eric] also explains in a Hacker News discussion, his dream is to not only have documentation available for infotainment systems in general as a community effort, but also provide open source alternatives that can be inspected by security researchers rather than being expected to lean on the ‘trust me bro’ security practices of the average car manufacturer.
Although a big ask considering how secretive car manufacturers are, this would seem to be an issue that we should tackle sooner rather than later, as more and more older cars turn into driving security exploits just waiting to happen.