Photo of the head unit , with "Hacked by greenluigi1" in the center of the UI

Hacker Liberates Hyundai Head Unit, Writes Custom Apps

[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the app framework running the dash and created his own app. Not just for show – after hooking into the APIs available to the dash and accessible through header files, he was able to monitor car state from his app, and even lock/unlock doors. In the end, the dash got completely conquered – and he even wrote a tutorial showing how anyone can compile their own apps for the Hyundai Ionic D-Audio 2V dash.

In this series of write-ups [greenluigi1] put together for us, he walks us through the entire hacking process — and they’re a real treat to read. He covers a wide variety of things: breaking encryption of .zip files, reprogramming efused MAC addresses on USB-Ethernet dongles, locating keys for encrypted firmware files, carefully placing backdoors into a Linux system, fighting cryptic C++ compilation errors and flag combinations while cross-compiling the software for the head unit, making plugins for proprietary undocumented frameworks; and many other reverse-engineering aspects that we will encounter when domesticating consumer hardware.

This marks a hacker’s victory over yet another computer in our life that we aren’t meant to modify, and a meticulously documented victory at that — helping each one of us fight back against “unmodifiable” gadgets like these. After reading these tutorials, you’ll leave with a good few new techniques under your belt. We’ve covered head units hacks like these before, for instance, for Subaru and Nissan, and each time it was a journey to behold.

Kia Recalls Cars Over Airbag Controller Assembly Issue

Last month Kia Motors announced a large recall due to possibly defective airbag controller units (ACU). The recall spans many models and model years — in the United States alone it covers over 400K cars, and over half a million cars worldwide. From the NHTSA report we learn that the problem happened at assembly when the cover of some ACUs interfered with the pins of an EEPROM chip. This can cause some of the pins to open-circuit. If your car had this problem, a warning light would come on, but more seriously, the airbags would not deploy in an accident. Kia estimates that less than 1% of the cars using this ACU have this issue. Cars which have this fault will get a new ACU, and other cars will get a firmware upgrade to keep this from happening should the EEPROM pins break loose in the future.

We think this EEPROM is used for logging errors and crash events, and is therefore not in the critical path for airbag deployment. The original firmware apparently prevented deployment if the EEPROM had a fault. Presumably, after this patch, if pins break in the future, the fault indicator still lights up but you’ll have functioning airbags.

It’s not clear if these broken EEPROM pin solder joints were present from the start and the factory test procedures didn’t catch the problem. Or did the pins left the factory intact and were subsequently broke due to bumps and vibrations. Hardware issues aside, having safety critical firmware perform its primary function even when faults exist in non-essential parts of the circuit seems like a requirement that should have been applied to the ACU from the beginning.

This is a reminder of the importance of enclosure design and making sure your PCB layouts take into account all clearances necessary for the entire assembly. How many times have you got your PCB back and realized you forgot to even put mounting holes?

We covered a similar issue a couple of years ago regarding the Takata airbag fiasco. If you have a Kia, this form on their website tells you whether your vehicle is subject to the recall or not.