A Million Zombie Taxis By 2020? It’s Not Going To Happen

May 6, 2019 by Jenny List 51 Comments

The tech world has a love for Messianic figures, usually high-profile CEOs of darling companies whose words are hung upon and combed through for hidden meaning, as though they had arrived from above to our venture-capital-backed prophet on tablets of stone. In the past it has been Steve Jobs or Bill Gates, now it seems to be Elon Musk who has received this treatment. Whether his companies are launching a used car into space, shooting things down tubes in the desert, or synchronised-landing used booster rockets, everybody’s talking about him. He’s a showman whose many pronouncements are always soon eclipsed by bigger ones to keep his public on the edge of their seats, and now we’ve been suckered in too, which puts us on the spot, doesn’t it.

Your Johnny Cab is almost here

The latest pearl of Muskology came in a late April presentation: that by 2020 there would be a million Tesla electric self-driving taxis on the road. It involves a little slight-of-hand in assuming that a fleet of existing Teslas will be software upgraded to be autonomous-capable and that some of them will somehow be abandoned by their current owners and end up as taxis, but it’s still a bold claim by any standard.

Here at Hackaday, we want to believe, but we’re not so sure. It’s time to have a little think about it all. It’s the start of May, so 2020 is about 7 months away. December 2020 is about 18 months away, so let’s give Tesla that timescale. 18 months to put a million self-driving taxis on the road. Can the company do it? Let’s find out.

Continue reading “A Million Zombie Taxis By 2020? It’s Not Going To Happen” →

This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day

May 1, 2019 by Jonathan Bennett 33 Comments

Ah, Facebook. Only you could mess up email verification this badly, and still get a million people to hand over their email address passwords. Yes, you read that right, Facebook’s email verification scheme was to ask users for their email address and email account password. During the verification, Facebook automatically downloaded the account’s contact list, with no warning and no way to opt out.

The amount of terrible here is mind-boggling, but perhaps we need a new security rule-of-thumb for these kind of situations. Don’t ever give an online service the password to a different service. In order to make use of a password in this case, it’s necessary to handle it in plain-text. It’s not certain how long Facebook stored these passwords, but they also recently disclosed that they have been storing millions of Facebook and Instagram passwords in plain-text internally.

This isn’t the first time Facebook has been called out for serious privacy shenanigans, either: In early 2018 it was revealed that the Facebook Android app had been uploading phone call records without informing users. Mark Zuckerberg has recently outlined his plan to give Facebook a new focus on privacy. Time will tell whether any real change will occur.

Cyber Can Mean Anything

Have you noticed that “cyber” has become a meaningless buzz-word, particularly when used by the usual suspects? The Department of Energy released a report that contained a vague but interesting sounding description of an event: “Cyber event that causes interruptions of electrical system operations.” This was noticed by news outlets, and people have been speculating ever since. What is frustrating about this is the wide range of meaning covered by the term “cyber event”. Was it an actual attack? Was Trinity shutting down the power stations, or did an intern trip over a power cord?
Continue reading “This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day” →

Putting Some Smarts Into An Electric Car Charger

April 27, 2019 by Tom Nardi 22 Comments

Many electric cars feature a timer capability that allows the owner to set which hours they want the vehicle to start pulling a charge. This lets the thrifty EV owner take advantage of the fact that the cost of electricity generally goes down late at night when the demand is lower. The Renault Zoe that [Ryan Walmsley] owns has this feature, but not only does it cost him extra to have it enabled, it’s kind of a hassle to use. So being an enterprising hacker, he decided to implement his own timer in the charger itself.

Now controlling high voltages with a lowly microcontroller might sound dangerous, but it’s actually not nearly as tricky as you might think. The charger and the vehicle actually communicate with low-voltage signals to determine things like the charge rate, so it turns out you don’t need to cut into the AC side of things at all. You just need to intercept the control signals between the two devices and modify them accordingly.

Or do you? As [Ryan] eventually realized, he didn’t need to bother learning how the control signals actually worked since he wasn’t trying to do anything tricky like set the charge rate. He just wanted to be able to stop and start the charging according to what time it was. So all he had to do was put the control signal from his car through a relay controlled by a Particle Photon, allowing him to selectively block communication.

The charger also had an optional key lock, which essentially turns the controller off when the contacts are shorted. [Ryan] put a relay on that as well so he could be absolutely sure the charger cuts the juice at the appropriate time. Then it was just a matter of getting the schedule configured with IFTTT. He mentions the system could even be tweaked to automatically control the charger based on the instantaneous cost of electricity provided by the utility company, rather than assuming overnight is always the most economical.

We’ve seen a fair amount of electric car hacking, but with only a few exceptions, the projects always steer clear of modifying the actual chargers themselves. In general hackers feel a lot safer playing around in the world of DC, but as [Ryan] has shown, safely hacking your EV charger is possible if you do your homework.

Quick And Dirty Immobilizer Hack Lets You Use Cheaper Dumb Keys

April 10, 2019 by Lewin Day 34 Comments

Car enthusiasts can find themselves in a pickle if they’re into cars from the 80s and 90s. These vehicles are much beloved by some, but one can find themselves having to fork out immense amounts of money for repairs and out-of-production parts. Once a car passes that 15 year milestone, suddenly manufacturer support can start to dry up. Even just getting a set of keys can be a problem.

Modern cars tend to use a small chip implanted in the key as a security measure. This chip functions similarly to an RFID chip, being energised by the car’s reader when the driver turns the key in the ignition. If the chip returns the right code, the computer allows the car to start. Getting a new key cut and recoded is expensive, particularly on older cars. Naturally though, there’s a way to hack around the problem.

The trick is to perform surgery on an existing good key, to extract the working chip inside. This chip can then be permanently affixed to the immobilizer’s antenna in the steering column. This allows the driver to use any properly cut “dumb” key to start the car, as the chip will always provide the right signal at startup. It takes some finesse to avoid damaging the delicate chip inside and to know where to look – but with a little work, it’s achievable by even the novice hacker.

It’s a simple hack that can save hundreds of dollars, and is a great way to keep your modern classic on the road for cheap. You can always take things a step further though, and CNC yourself a key from scratch if you’re so inclined.

Three Engines For Every Lada

March 9, 2019 by Bryan Cockfield 23 Comments

If you don’t live in a former Eastern Bloc country, odds are that you’ve never seen a Lada driving around your neighborhood. This car is ubiquitous in Russia and its neighboring countries, though, and for good reason: price. Lada gave many people access to affordable transportation who otherwise would have been walking, but this low price means that it’s a great platform for some excellent car hacks as well.

The guys at [Garage 54], an auto shop in Russia, outfitted one of these discount classics with two extra engines. This goes beyond normal bolt-on modifications you typically see to get modest horsepower gains from a daily driver. The crew had to weld a frame extending out of the front of the car to hold all the extra weight, plus fabricate all the parts needed to get the crankshafts on each engine to connect to each other. After that, it was the “simple” job of tuning the engines to all behave with one another.

This video is really worth watching, as the car was also upgraded with a dually setup on the back with studded tires for extra grip on their ice track. Odds are pretty good that this car isn’t street legal so this is likely the only place they’ll be able to drive it. Other things can be built out of Ladas as well, like lawn mowers for example.

Thanks to [g_alan_e] for the tip!

Continue reading “Three Engines For Every Lada” →

Model Car Indicates Door Is Ajar

March 9, 2019 by Lewin Day 10 Comments

The amount of technology in modern cars is truly staggering. Heated seats, keyless entry, and arrays of helpful cameras are all becoming increasingly common in all but the cheapest of models. [mathisox] drives a slightly older Volkswagen van, which has been converted into a camper. Unfortunately, it lacks a proper door ajar display. Nevermind that, though – there’s a charming solution to this problem.

Rather than stick to the automotive standard of boring indicator lights and low-resolution LCD displays, [mathisox] took a more analogous approach. A small model car matching his van was sourced and quickly gutted for the project. It was then fitted with servos to open and close the doors and rear hatch. The servos are controlled by an Arduino Nano, which reads the door switches in the vehicle and actuates the appropriate parts on the model.

With the model car stuck prominently on the dashboard, it serves as a clear visual indicator of the current status of the vehicle’s doors. It’s far less intrusive than those old Chryslers which repeatedly insisted that a door is a jar.

[Thanks to Raffael for the tip!]

Continue reading “Model Car Indicates Door Is Ajar” →

Car Alarm Hacks 3 Million Vehicles

March 8, 2019 by Al Williams 30 Comments

Pen testing isn’t about evaluating inks. It is short for penetration testing — someone ensuring a system’s security by trying to break in or otherwise attack it. A company called Pen Test Partners made the news last week by announcing that high-end car alarm systems made by several vendors have a critical security flaw that could make the vehicles less secure. They claim about three million vehicles are affected.

The video below shows how alarms from Viper/Clifford and Pandora have a simple way to hijack the application. Once they have access, they can find the car in real time, control the door locks, and start or stop the car engine. They speculate a hacker could set off the alarm from a nearby chase car. You’d probably pull over if your alarm started going off. They can then lock you in your car, approach, and then force you out of the car.

Continue reading “Car Alarm Hacks 3 Million Vehicles” →