Salvaging Your Way to a Working Tesla Model S for $6500

If you possess modest technical abilities and the patience of a few dozen monks, with some skillful haggling you can land yourself some terrific bargains by salvaging and repairing. This is already a well-known ideology when it comes to sourcing things like electronic test gear, where for example a non working unit might be purchased from eBay and fixed for the price of a few passive components.

[Rich] from Car Guru has taken this to a whole new level by successfully salvaging a roadworthy Tesla Model S for $6500!

Sourcing and rebuilding a car is always a daunting project, in this case made even more challenging because the vehicle in subject is fairly recent, state of the art electric vehicle. The journey began by purchasing a black Tesla Model S, that [Rich] affectionately refers to as Delorean. This car had severe water damage rendering most of its electronics and mechanical fasteners unreliable, so [Rich’s] plan was to strip this car of all such parts, and sell what he could to recover the cost of his initial purchase. After selling the working modules of the otherwise drenched battery, motor and a few other bells and whistles his initial monetary investment was reduced to the mere investment of time.

With an essentially free but empty Tesla shell in his possession, [Rich] turned his attention to finding a suitable replacement for the insides. [Rich] mentions that Tesla refused to sell spare parts for such a project, so his only option was to purchase a few more wrecked vehicles. The most prominent of these wrecks was nicknamed Slim Shady. This one

The Donor

had an irreparable shell but with most electronics preserved, and would serve as the donation vehicle. After painstakingly transplanting all the required electronics and once again selling what he did not need, his net investment came to less than 10% of a new car!

Was all of the effort worth it? We certainly think it was! The car was deemed road worthy and even has functioning Super Charging capabilities which according to [Rich] are disabled by Tesla if such a Frankenstein build is detected.

At this point it would probably be instructive to ask [Rich] if he would do it again, but he is already at it, this time salvaging the faster self driving P86. We suggest you stay tuned.

[Thankyou to Enio Fernandes for sending in the tip]

Continue reading “Salvaging Your Way to a Working Tesla Model S for $6500”

Blackberry Eyes Up Car Anti-Virus Market

[Reuters] reports that BlackBerry is working with at least two car manufacturers to develop a remote malware scanner for vehicles, On finding something wrong the program would then tell drivers to pull over if they were in critical danger.

The service would be able to install over-the-air patches to idle cars and is in testing phase by Aston Martin and Range Rover. The service could be active as early as next year, making BlackBerry around $10 a month per vehicle.

Since the demise of BlackBerry in the mobile phone sector, they’ve been hard at work refocusing their attention on new emerging markets. Cars are already rolling computers, and now they’re becoming more and more networked with Bluetooth and Internet connections. This obviously leaves cars open to new types of attacks as demonstrated by [Charlie Miller] and [Chris Valasek]’s hack that uncovered vulnerabilities in Jeeps and led to a U.S. recall of 1.4 million cars.

BlackBerry seem to be hedging their bets on becoming the Kingpin of vehicle anti-virus. But do our cars really belong on the Internet in the first place?

Car Security Experts Dump All Their Research and Vulnerabilities Online

[Charlie Miller] and [Chris Valasek] Have just released all their research including (but not limited to) how they hacked a Jeep Cherokee after the newest firmware updates which were rolled out in response to their Hacking of a Cherokee in 2015.

FCA, the Corp that owns Jeep had to recall 1.5 million Cherokee’s to deal with the 2015 hack, issuing them all a patch. However the patch wasn’t all that great it actually gave [Charlie] and [Chris] even more control of the car than they had in the first place once exploited. The papers they have released are a goldmine for anyone interesting in hacking or even just messing around with cars via the CAN bus. It goes on to chronicle multiple hacks, from changing the speedometer to remotely controlling a car through CAN message injection. And this release isn’t limited to Jeep. The research covers a massive amount of topics on a number of different cars and models so if you want to do play around with your car this is the car hacking bible you have been waiting for.

Jeep are not too happy about the whole situation. The dump includes a lot of background for vehicles by multiple manufactureres. But the 2015 hack was prominent and has step by step instructions. Their statement on the matter is below.

Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.

We anticipate seeing an increasing number of security related releases and buzz as summer approaches. It is, after all, Network Security Theatre season.

Stealing Cars for 20 Bucks

[Yingtao Zeng], [Qing Yang], and [Jun Li], a.k.a. the [UnicornTeam], developed the cheapest way so far to hack a passive keyless entry system, as found on some cars: around $22 in parts, give or take a buck. But that’s not all, they manage to increase the previous known effective range of this type of attack from 100 m to around 320 m. They gave a talk at HITB Amsterdam, a couple of weeks ago, and shown their results.

The attack in its essence is not new, and it’s basically just creating a range extender for the keyfob.  One radio stays near the car, the other near the car key, and the two radios relay the signals coming from the car to the keyfob and vice-versa. This version of the hack stands out in that the [UnicornTeam] reverse engineered and decoded the keyless entry system signals, produced by NXP, so they can send the decoded signals via any channel of their choice. The only constraint, from what we could tell, it’s the transmission timeout. It all has to happen within 27 ms. You could almost pull this off over Internet instead of radio.

The actual keycode is not cracked, like in a HiTag2 attack. It’s not like hacking a rolling key keyfob either. The signals are just sniffed, decoded and relayed between the two devices.

A suggested fix from the researchers is to decrease this 27 ms timeout. If it is short enough, at least the distance for these types of attacks is reduced. Even if that could eventually mitigate or reduce the impact of an attack on new cars, old cars are still at risk.  We suggest that the passive keyless system is broken from the get-go: allowing the keyfob to open and start your car without any user interaction is asking for it. Are car drivers really so lazy that they can’t press a button to unlock their car? Anyway, if you’re stuck with one of these systems, it looks like the only sure fallback is the tinfoil hat. For the keyfob, of course.

[via Wired]

How Those Hackers Took Complete Control of That Jeep

It was an overcast day with temperatures in the mid seventies – a perfect day to take your brand new Jeep Cherokee for a nice relaxing drive. You and your partner buckle in and find yourselves merging onto the freeway just a few minutes later.  You take in the new car smell as your partner fiddles with the central touch screen display.

“See if it has XM radio,” you ask as you play with the headlight controls.

Seconds later, a Taylor Swift song begins to play. You both sing along as the windows come down. “Life doesn’t get much better than this,” you think. Unfortunately, the fun would be short lived. It started with the windshield wipers coming on – the dry rubber-on-glass making a horrible screeching sound.

“Hey, what are you doing!”

“I didn’t do it….”

You verify the windshield wiper switch is in the OFF position. You switch it on and off a few times, but it has no effect. All of the sudden, the radio shuts off. An image of a skull and wrenches logo appears on the touchscreen. Rick Astley’s “Never Gonna Give You Up” begins blaring out of the speakers, and the four doors lock in perfect synchronization. The AC fans come on at max settings while at the same time, you feel the seat getting warmer as they too are set to max. The engine shuts off and the vehicle shifts into neutral. You hit the gas pedal, but nothing happens. Your brand new Jeep rolls to a halt on the side of the freeway, completely out of your control.

Sound like something out of a Hollywood movie? Think again.

[Charlie Miller], a security engineer for Twitter and [Chris Valasek], director for vehicle safety research at IOActive, were able to hack into a 2014 Jeep Cherokee via its wireless on-board entertainment system from their basement. A feature called UConnect, which allows the vehicle to connect to the internet via a cellular connection, has one of those things you might have heard of before – an IP address. Once the two hackers had this address, they had the ‘digital keys’ to the Jeep. From there, [Charlie] and [Chris] began to tinker with the various firmwares until they were able to gain access to the vehicle’s CAN bus. This gives them the ability to control many of the car’s functions, including (under the right conditions) the ability to kill the brakes and turn the steering wheel. You probably already have heard about the huge recall Chrysler issued in response to this vulnerability.

But up until this weekend we didn’t know exactly how it was done. [Charlie] and [Chris] documented their exploit in a 90 page white paper (PDF) and spoke at length during their DEF CON talk in Las Vegas. That video was just published last night and is embedded below. Take look and you’ll realize how much work they did to make all this happen. Pretty amazing.

Continue reading “How Those Hackers Took Complete Control of That Jeep”

Adding Tie Down Points To Almost Any Car

You know, sometimes it’s the simple hacks that get our attention.  If you have a roof rack, and use it often to shuttle things around, adding these stow-away, front tie downs might be for you.

Most all cars will have a few bolts along the top of the fender that ties into a semi-rigid or structural part of the vehicle. [Andrew Morrow] used about 12 inches of nylon strap, added a hole to the both ends, and attached them to the fender bolts. With the hood closed, he now has a convenient tie down location for what ever he’s hauling around.  We love that when not in use they simply can be stored beneath the hood. Hidden away, but not something you’ll forget to bring with you, or easily lost.  Just make sure that they don’t come in contact with moving engine parts, or hot exhaust manifolds.