I heard this mentioned a few weeks back on "Know How" (twit.tv/kh, a much improved online show for makers; worth sampling if you haven't seen it or haven't looked at it in the last 6 months).
A $60 Gadget That Makes Car Hacking Far Easier http://www.wired.com/2015/03/60-gadget-thatll-make-car-hacking-easier-ever/ Tomorrow at the Black Hat Asia security conference in Singapore, 24-year-old Eric Evenchick plans to present a new device he calls the CANtact. The open source board, which he hopes to sell for between $60 and $100, connects on one end to a computer's USB port, and on the other to a car or truck's OBD2 port, a network port under its dashboard. That makes the CANtact a cheap interface between any PC and a vehicle's controller area network or CAN bus... My first thought was, "yeah, so? How is this better than the ODB2-to-Bluetooth interfaces you can get on Amazon for $20?" It seems that some of the answer is less about hardware and more about software. ...the CANtact is designed to send commands in Unified Diagnostics Services, the CAN protocol that auto mechanics use to communicate with electronic control units (or ECUs) throughout a vehicle. ...Evenchick has written open source software for CANtact that automates much of the manual work of CAN bus hacking. ... That allows anyone to write python scripts that can automatically trigger commands in a car's digital network that range from turning off its "check engine" light to automatically pumping its brakes. ...by publishing its software on Github, he hopes the code will become a collection of different hackers' techniques that target individual vehicle makes and models. It's still an open question why you can't use one of those cheap Bluetooth interfaces. They are claiming their USB interface replaces rather expensive gear: "I realized that there were no good tools for me to play around with this stuff outside of what the auto industry uses, and those are incredibly expensive," Evenchick says, referring to products sold by companies like Vector that can cost tens of thousands of dollars. Although they partially contradict that later when they say they reurposed a $150 device made for some other purpose to substitute for an auto industry device costing $1200. All of those are cheaper than "tens of thousands of dollars," but that price probably includes software tooling. Anyway, seems like good news for those who want to hack the electronics on their cars. Even if the hardware side of his project isn't entirely needed (if a $150 device can be used, dropping the price to $100 won't necessarily expand the market much) the software and community formed around it might spur on a flood of reverse engineered data being shared. That is until the auto industry starts to view it as a threat and locks down the CAN bus so only authorized devices can connect. (Although chances are good that they'll do it in a dumb way, like DVD encryption, so everyone will have a usable, though illegal (thank DMCA), key once someone extracts one from a commercial tool.) But then I guess that's where the EFF's "right to repair your car petition" comes into play: https://www.eff.org/deeplinks/2015/04/automakers-say-you-dont-really-own-your-car I like the concept, and I can see the logic of going after the auto industry as low hanging fruit. (This is an easier to grasp concept to sell to the public and politicians.) But it still feels inconsistent to demand this kind of oneness for automotive electronics and not require the same of other industries. -Tom _______________________________________________ Hardwarehacking mailing list [email protected] http://lists.blu.org/mailman/listinfo/hardwarehacking
