Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmCAN Injection: keyless car theft2023-04-05T14:58:05+00:00
https://kentindell.github.io/2023/04/03/can-injection/
jmcan-bus security cars driving infosec exploits can-injectionhttps://pinboard.in/https://pinboard.in/u:jm/b:3060ec1ebc3c/CAN frame injector used in the wild2023-02-21T14:37:26+00:00
https://www.linkedin.com/feed/update/urn:li:activity:7033413508448845824/
jmRemember the report of a Toyota RAV4 stolen by a CAN bus wiring hack, where the thieves broke into the headlight cluster and spliced into the CAN bus? Almost certainly it was this device, a CAN frame injector hidden inside a Bluetooth speaker: https://lnkd.in/e2-tF-WQ
It’s an “emergency no-key start device” 🙄 that’s disguised to pass a cursory stop-and-search by police. It has a ‘retail’ price of €2500 and a BOM cost of $10 - proving how lucrative this ‘market’ is.
Defeating this device is harder: it has hardware to counter secure CAN transceivers like the NXP Stinger, and the only way to defeat devices of this type is via cryptographic protections of CAN messages.]]>can-bus cars security hardware crypto failhttps://pinboard.in/https://pinboard.in/u:jm/b:3741409a5808/Car Hacker's Handbook2018-02-09T16:29:17+00:00
http://opengarages.org/handbook/
jm
Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other innovations aim to make driving more convenient. But vehicle technologies haven't kept pace with today's more hostile security environment, leaving millions vulnerable to attack.
The Car Hacker's Handbook will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems.
Then, once you have an understanding of a vehicle's communication network, you'll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more.
Creative Commons Attribution-Noncommercial-ShareAlike license.]]>cars books hacking exploits can-bushttps://pinboard.in/https://pinboard.in/u:jm/b:1e66a783c9f1/HACKERS REMOTELY KILL A JEEP ON THE HIGHWAY—WITH ME IN IT2015-07-21T15:18:17+00:00
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
jmMiller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.
Avoid any car which supports this staggeringly-badly-conceived Uconnect feature:
All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot.
:facepalm:
Also, Chrysler's response sucks: "Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic."]]>hacking security cars driving safety brakes jeeps chrysler fiat uconnect can-bus canhttps://pinboard.in/https://pinboard.in/u:jm/b:96170f4b4a3f/