Blackberry Eyes Up Car Anti-Virus Market

May 19, 2017 by Jack Laidlaw 73 Comments

[Reuters] reports that BlackBerry is working with at least two car manufacturers to develop a remote malware scanner for vehicles, On finding something wrong the program would then tell drivers to pull over if they were in critical danger.

The service would be able to install over-the-air patches to idle cars and is in testing phase by Aston Martin and Range Rover. The service could be active as early as next year, making BlackBerry around $10 a month per vehicle.

Since the demise of BlackBerry in the mobile phone sector, they’ve been hard at work refocusing their attention on new emerging markets. Cars are already rolling computers, and now they’re becoming more and more networked with Bluetooth and Internet connections. This obviously leaves cars open to new types of attacks as demonstrated by [Charlie Miller] and [Chris Valasek]’s hack that uncovered vulnerabilities in Jeeps and led to a U.S. recall of 1.4 million cars.

BlackBerry seem to be hedging their bets on becoming the Kingpin of vehicle anti-virus. But do our cars really belong on the Internet in the first place?

Solar Powered Camper Is A Magic Bus Indeed

May 17, 2017 by Dan Maloney 36 Comments

There’s no doubt that Volkswagen’s offerings in the 1960s and early 1970s were the hippie cars of choice, with the most desirable models being from the Type 2 line, better known as the Microbus. And what could be even hippier than
converting a 1973 VW Microbus into a solar-electric camper?

For [Brett Belan] and his wife [Kira], their electric vehicle is about quality time with the family. And they’ll have plenty of time, given that it doesn’t exactly ooze performance like a Tesla. Then again, a Tesla would have a hard time toting the enormous 1.2 kW PV panel on its roof like this camper can, and would look even sillier with the panel jacked up to maximize its solar aspect. [Brett] uses the space created by the angled array to create extra sleeping space like the Westfalia, a pop-top VW camper. The PV array charges a bank of twelve lead-acid golf cart batteries which power an AC motor through a 500-amp controller. Interior amenities include a kitchenette, dining table, and seating that cost as much as the van before conversion. There’s no word on interior heat, but honestly, that never was VW’s strong suit — we speak from bitter, frostbitten experience here.

As for being practical transportation, that just depends on your definition of practical. Everything about this build says “labor of love,” and it’s hard to fault that. It’s also hard to fault [Brett]’s choice of platform; after all, vintage VWs are the most hackable of cars.

Continue reading “Solar Powered Camper Is A Magic Bus Indeed” →

Reverse Engineering An Ultrasonic Car Parking Sensor

May 16, 2017 by Jenny List 18 Comments

It has become a common sight, a must-have feature on modern cars, a row of ultrasonic sensors embedded in the rear bumper. They are part of a parking sensor, an aid to drivers for whom depth perception is something of a lottery.

[Haris Andrianakis] replaced the sensor system on hs car, and was intrigued enough by the one he removed to reverse engineer it and probe its workings. He found a surprisingly straightforward set of components, an Atmel processor with a selection of CMOS logic chips and an op-amp. The piezoelectric sensors double as both speaker and microphone, with a CMOS analogue switch alternating between passing a burst of ultrasound and then receiving a response. There is a watchdog circuit that is sent a tone by the processor, and triggers a reset in the event that the processor crashes and the tone stops. Unfortunately he doesn’t delve into the receiver front-end circuitry, but we can see from the pictures that it involves an LC filter with a set of variable inductors.

If you have ever been intrigued by these systems, this write-up makes for an interesting read. If you’d like more ultrasonic radar goodness, have a look at this sweeping display project, or this ultrasonic virtual touch screen.

Car Security Experts Dump All Their Research And Vulnerabilities Online

May 14, 2017 by Jack Laidlaw 81 Comments

[Charlie Miller] and [Chris Valasek] Have just released all their research including (but not limited to) how they hacked a Jeep Cherokee after the newest firmware updates which were rolled out in response to their Hacking of a Cherokee in 2015.

FCA, the Corp that owns Jeep had to recall 1.5 million Cherokee’s to deal with the 2015 hack, issuing them all a patch. However the patch wasn’t all that great it actually gave [Charlie] and [Chris] even more control of the car than they had in the first place once exploited. The papers they have released are a goldmine for anyone interesting in hacking or even just messing around with cars via the CAN bus. It goes on to chronicle multiple hacks, from changing the speedometer to remotely controlling a car through CAN message injection. And this release isn’t limited to Jeep. The research covers a massive amount of topics on a number of different cars and models so if you want to do play around with your car this is the car hacking bible you have been waiting for.

Jeep are not too happy about the whole situation. The dump includes a lot of background for vehicles by multiple manufactureres. But the 2015 hack was prominent and has step by step instructions. Their statement on the matter is below.

Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.

We anticipate seeing an increasing number of security related releases and buzz as summer approaches. It is, after all, Network Security Theatre season.

Better Car Audio With Guitar Effects

May 13, 2017 by Lewin Day 18 Comments

Automotive sound is a huge deal; for many people, it’s the place to listen to music. Back in the 80s, you were lucky to get anything more than two door speakers in the front of the car. Fast forward to today, and you can expect a 10-speaker system in an up-spec’d family sedan.

[Josh] has a car, and wanted to improve the sound. In particular, the aim was to improve the sense of space felt when listening. A car is a relatively small space, and the driver sits in close proximity to the front speakers, so it’s difficult to get a good soundstage.

[Josh]’s approach was to create a “surround” effect for the car stereo, by feeding a left/right difference signal to the rear speakers. This was achieved by the use of a series of op-amps that buffer and then generate a mono signal that represents the difference between the left and right channel. For optimum results, [Josh] wanted to delay the signal being sent to the rear speakers, with a longer delay making the soundstage feel bigger, as if reflections are coming from farther away in a bigger room. To do this, [Josh] simply hooked up the signal to a Boss DD-3 Digital Delay guitar pedal – an off-the-shelf solution to an otherwise sticky problem. The DD-3 gives [Josh] a variable delay time with reasonably high fidelity, so it’s a perfect way to get the project done quickly.

The final piece of the puzzle is a filter. The difference signal doesn’t actually sound all that pleasant to the ears by itself, especially when it comes to transient high-pitched sounds like cymbals, so a lowpass filter is implemented to cut these higher frequencies down.

[Josh] made everything adjustable, from the filter to the delay, so it’s simple to dial things in until they’re just right, rather than relying on calculation or guesswork. The general idea is to feed the difference signal into the rear speakers at a low enough volume and with a subtle delay so that it adds to a general feeling of being in a larger room with the sound coming from all around, as opposed to listening to very loud point sources of audio.

It’s a cool project that we imagine would be very satisfying to dial in and enjoy on the road. What’s more, it’s a fairly straightforward build if you want to experiment with it yourself on your own car. Perhaps your problem is that you need an auxiliary input to your head unit, though – in that case, check out this Subaru project.

Reverse-Engineering The Peugeot 207’s CAN Bus

May 4, 2017 by Anool Mahidharia 53 Comments

Here’s a classic “one thing led to another” car hack. [Alexandre Blin] wanted a reversing camera for his old Peugeot 207 and went down a rabbit hole which led him to do some extreme CAN bus reverse-engineering with Arduino and iOS. Buying an expensive bezel, a cheap HDMI display, an Arduino, a CAN bus shield, an iPod touch with a ghetto serial interface cable that didn’t work out, a HM-10 BLE module, an iPad 4S, the camera itself, and about a year and a half of working on it intermittently, he finally emerged poorer by about 275€, but victorious in a job well done. A company retrofit would not only have cost him a lot more, but would have deprived him of everything that he learned along the way.

Adding the camera was the easiest part of the exercise when he found an after-market version specifically meant for his 207 model. The original non-graphical display had to make room for a new HDMI display and a fresh bezel, which cost him much more than the display. Besides displaying the camera image when reversing, the new display also needed to show all of the other entertainment system information. This couldn’t be obtained from the OBD-II port but the CAN bus looked promising, although he couldn’t find any details for his model initially. But with over 2.5 million of the 207’s on the road, it wasn’t long before [Alexandre] hit jackpot in a French University student project who used a 207 to study the CAN bus. The 207’s CAN bus system was sub-divided in to three separate buses and the “comfort” bus provided all the data he needed. To decode the CAN frames, he used an Arduino, a CAN bus shield and a python script to visualize the data, checking to see which frames changed when he performed certain functions — such as changing volume or putting the gear in reverse, for example.

The Arduino could not drive the HDMI display directly, so he needed additional hardware to complete his hack. While a Raspberry Pi would have been ideal, [Alexandre] is an iOS developer so he naturally gravitated towards the Apple ecosystem. He connected an old iPod to the Arduino via a serial connection from the Dock port on the iPod. But using the Apple HDMI adapter to connect to the display broke the serial connection, so he had to put his thinking cap back on. This time, he used a HM-10 BLE module connected to the Arduino, and replaced the older iPod Touch (which didn’t support BLE) with a more modern iPhone 4S. Once he had all the bits and pieces working, it wasn’t too long before he could wrap up this long drawn upgrade, but the final result looks as good as a factory original. Check out the video after the break.

It’s great to read about these kinds of hacks where the hacker digs in his feet and doesn’t give up until it’s done and dusted. And thanks to his detailed post, and all the code shared on his GitHub repository, it should be easy to replicate this the second time around, for those looking to upgrade their old 207. And if you’re looking for inspiration, check out this great Homemade Subaru Head Unit Upgrade.

Continue reading “Reverse-Engineering The Peugeot 207’s CAN Bus” →

Stealing Cars For 20 Bucks

April 27, 2017 by Pedro Umbelino 85 Comments

[Yingtao Zeng], [Qing Yang], and [Jun Li], a.k.a. the [UnicornTeam], developed the cheapest way so far to hack a passive keyless entry system, as found on some cars: around $22 in parts, give or take a buck. But that’s not all, they manage to increase the previous known effective range of this type of attack from 100 m to around 320 m. They gave a talk at HITB Amsterdam, a couple of weeks ago, and shown their results.

The attack in its essence is not new, and it’s basically just creating a range extender for the keyfob. One radio stays near the car, the other near the car key, and the two radios relay the signals coming from the car to the keyfob and vice-versa. This version of the hack stands out in that the [UnicornTeam] reverse engineered and decoded the keyless entry system signals, produced by NXP, so they can send the decoded signals via any channel of their choice. The only constraint, from what we could tell, it’s the transmission timeout. It all has to happen within 27 ms. You could almost pull this off over Internet instead of radio.

The actual keycode is not cracked, like in a HiTag2 attack. It’s not like hacking a rolling key keyfob either. The signals are just sniffed, decoded and relayed between the two devices.

A suggested fix from the researchers is to decrease this 27 ms timeout. If it is short enough, at least the distance for these types of attacks is reduced. Even if that could eventually mitigate or reduce the impact of an attack on new cars, old cars are still at risk. We suggest that the passive keyless system is broken from the get-go: allowing the keyfob to open and start your car without any user interaction is asking for it. Are car drivers really so lazy that they can’t press a button to unlock their car? Anyway, if you’re stuck with one of these systems, it looks like the only sure fallback is the tinfoil hat. For the keyfob, of course.

[via Wired]