As cars increasingly become computers on wheels, the attack surface for digital malfeasance increases. [PCAutomotive] has shared its exploit for turning the 2020 Nissan Leaf into 1600 kg RC car. [PDF via Electrek]
Starting with some scavenged infotainment systems and wiring harnesses, the group built test benches able to tear into vulnerabilities in the system. An exploit was found in the infotainment system’s Bluetooth implementation, and they used this to gain access to the rest of the system. By jamming the 2.4 GHz spectrum, the attacker can nudge the driver to open the Bluetooth connection menu on the vehicle to see why their phone isn’t connecting. If this menu is open, pairing can be completed without further user interaction.
Once the attacker gains access, they can control many vehicle functions, such as steering, braking, windshield wipers, and mirrors. It also allows remote monitoring of the vehicle through GPS and recording audio in the cabin. The vulnerabilities were all disclosed to Nissan before public release, so be sure to keep your infotainment system up-to-date!
If this feels familiar, we featured a similar hack on Tesla infotainment systems. If you’d like to hack your Leaf for the better, we’ve also covered how to fix some of the vehicle’s charging flaws, but we can’t help you with the loss of app support for early models.
Infotainment and CANBUS should be air-gapped. That Slate truck is looking better all the time. (No infotainment as standard, can add an Android Auto screen from $20-40 on Amazon)
But this way you can download and install new firmware to the car using your phone!! Isn’t that great!!!!
And the irony is the manufacturers cite ‘security’ as the reason why the infotainment is so closely married to the various networks and computers because it’s locked to the VIN or someother such uniquely identifiable electronic tag.
People think Apple are the bad guys for their restrictive practices in tying spare parts to unique identifiers but car manufacturers have been doing it for decades and almost every one of those spare parts that’s somehow ‘paired’ is a route onto the vehicle network.
I don’t think anyone has given a shit about stealing “infotainment” from cars since the turn of the millennium, especially since it’s all integrated and weird shapes rather than an ISO DIN standard unit you can swap for a better one like would be sensible and consumer-friendly.
It has declined severely but Infotainment stuff still gets stolen for resale or even to order because dealer prices for replacement of faulty stuff is insane and it’s actually not that difficult to pair a system with a new vehicle if you have the right scan tool*
*For clarity, I am not involved in that ‘trade’, but I was heavily involved in the import and sale of automotive diagnostic equipment including scan tools which were capable of pairing, reprogramming and pretty much every other computer related task you might need to do on a modern vehicle.
Why does the infotainment system even have access to anything that could control the car?
The irony is that on the OBDII port there is usually a Secure Gateway that restricts CANBUS access, but the infotainment system gets full fettered access to it for no reason. Oh gosh!
proposal for a reboot of the movie Runaway…
extortionist finds a way to take control of your car. it runs extremely dangerously with a countdown and demands access to your bank account or the corner coming up, you go into a wall with all the safety gear disabled.
alternately, a video feed of your kids in a driverless taxi you use to pick them up from school. deposit money in an account or they go into the nearest lake with the doors locked, or a wall at 120mph. you have 5 minutes to comply…(sounds of screaming children)…four minutes thirty seconds…
also, taking control of police and other emergency vehicles is on the menu…
hero is a auto mechanic turned cop who is the only one who can track the guy down…he also has the sole remaining roadworthy non-connected police car….
“hero is a auto mechanic turned cop [..]”
auto mechatronic, rather. Plain mechanic nolonger is a real occupation, except in the movies.
Definitely should be cop-turned-mechanic, or former TLA agent-turned-mechanic.
Afaik LAPD/CHP has had this available for perhaps 25+ years, but it is limited to vehicle shutdown.
Some of you are asking, why the infotainment is able to control steering and braking. It’s because, there is an auto-parking functionality. Which is controlled by the infotainment unit.
Still dumb – that’s like saying you should be able to hijack a plane from your seat because the screen needs to show the little map of where the plane is.
autoparking does much more than show a map
Autoparking still does not need to be done by the infotainment system, the fact that it often is, is just stupid, plus it absolutely ties you to the OEM infotainment system and then you’re stuck with outdated maps, no support for new external devices, outdated operating system etc with no update/upgrade route unless you’re willing to lose the autopark functionality (which I know is unnecessary for most people but disabled friends rely on it)
The infotainment system has access to the car’s cameras and other sensors. And it has quite a bunch more of computing power than the tiny CPUs in the OBD subsystems.
From that perspective it does make quite some sense.
Of course it could be a separate module. But another module with the power of the infotainment module, but only one use, would add quite some dollars to the BOM for something that could easily be done by the infotainment module.
Save $100 on the bom, and you make a $10 million profit for every 100.000 cars sold.
“From that perspective it does make quite some sense.”
It really doesn’t make sense. If autopark – which is a critical function since it has access to a drivetrain – requires brains, why are you sharing brains with playing music, which is not a critical function?
It doesn’t even realistically make sense from a cost perspective, either, since if you split off the infotainment portion to decouple it from the rest of the car and standardized it, you’d save money on the BOM in the end since the cost would drop due to economies of scale and software reuse over a larger base. There’s a reason why infotainment modules switched away from custom OSes.
But the issue is that infotainment crap allows them additional branding, and some people weirdly like shiny things in something where they should be focusing on surviving.
I despise all of this. If you don’t know how to park you probably shouldn’t have a license.
I’m still driving a car with no network connectivity (including Bluetooth), self parking, etc. Buying my next vehicle is going to be a royal pain since all of these dumb ‘features’ have been standard for so many years
If you attempt to spend a new car payment on your old car every month it will outlast you (and might look really really gandy, know yourself).
Eventually the insurance companies will try to interfere.
But they have yet to make it difficult to insure my 1960.
Despite the 2 door car’s 3tons weight, 4 wheel drum brakes and 6 mpg.
They know people with old old cars baby them…
This all assumes you don’t live in ‘salted road’ country.
If you do, move.
That’s a tell.
To para the old joke:
Nobody ever setout for Minnesota, that’s just where the wagon broke down.
Why they all have broken wagon wheels at the gate…Dontyano.
people know how to park, but car makers try to let people as little as possible directly around them. smaller windows, bigger a, b and c bars, almost no rear window. rear camera tries to replace that, but gives you no awareness of the surroundings. no wonder people cannot park anymore.
No, i try to keep my 32 year old car on the road as long as possible. the only computer is has, is for the central door locks and remote. I can fix everything myself
An Estonian company has been converting Nissan Leafs to remote-controlled for a while:
https://elmorent.ee/en/
And this is why I still like a car that requires having skill enough to use a third pedal…