back to article Verizon wants to smartify old cars

Black, grey, and white hats associated with car hacking are flying in the air today, with Verizon announcing it's going to vastly expand their attack surface. That's not what the US network operator actually says, of course. What the company has announced is that its “project hum” has gone general-availability. Hum is …

  1. Chairo
    WTF?

    The good news? It at least doesn't actually control anything; all it does is locate the vehicle with “pinpoint accuracy” and give it the ability to summon emergency services.

    Sure - and that little connector plugged in the OBD port is completely passive, right?

    Fact is that pretty much all engine ECUs listen to a certain CAN frame from the ESP (stability control) control unit. And this frame can be send from the OBD connector. This is how some chip tuning solutions work. They listen to the accelerator pedal signal and add some additional torque, to make the vehicle more "responsive".

    This interface is vehicle manufacturer specific, so once you are in the system you could give for example all people driving a certain brand a hefty push for a few seconds. Really nasty, especially if you are driving a vehicle with automatic transmission.

    There might be other bad things you can do over the vehicle CAN, but that one I know for sure.

    Generally I find it negligent to connect the vehicle CAN to the internet, even with a firewall between there is no 100% guarantee that it will not be hacked. Systems that can potentially kill you if misused should always be air-gapped IMO.

    1. Neil Barnes Silver badge
      Boffin

      Indeed. To know where the vehicle is with pinpoint accuracy, and to be able to call emergency services, is something at which a mobile phone is rather good, without any need of connection to anything. Hell, it'll even work on my pedal-powered bicycle.

      Remind me: what's the USP on this thing?

      1. Chairo

        to be able to call emergency services, is something at which a mobile phone is rather good

        Well, that "be able to call" thing is the key here. You might not be able to make a call after a crash.

        Generally it's a good idea to have a system that calls automatically for help after a car crash. But the system must be made in a way that it cannot be misused. Unfortunately most of these emergency call systems connect to the CAN to acquire things like vehicle speed and airbag status.

        There is a lot of useful information available there, but unfortunately it is a completely unsecured bus. The control units accept pretty much every input sent to them via CAN, so it is really playing with fire to connect it to the internet. I have the same concerns for the new "Usage Based Insurance" systems. These things are just waiting to be hacked.

        It sounds hysteric, but effectively you can mis-use these systems by checking the driving situation of a particular person and at the right moment send a torque demand to kill him or her.

        Paranoid - perhaps, but I'm pretty sure there are people in the wild wild web who would be more than happy to anonymously kill others.

    2. Phil O'Sophical Silver badge
      WTF?

      Negligent?

      They want to connect the diagnostic port of my car to the internet? That's not negligent, it's flaming bonkers!

    3. Anonymous Coward
      Facepalm

      It is air-gapped

      That's what the cellular interface is for.

  2. Fraggle850

    These will be hacked

    Given that an insurance black box was recently hacked on a Corvette by text message I see no reason to believe that this technology won't prove to have similar vulnerabilities in future. In the case of the Corvette I gather that attackers were able to apply the brakes and even disable them altogether at low speed.

    I can see no reason to install a new attack vector on a previously immune older vehicle.

  3. Phil O'Sophical Silver badge
    Thumb Down

    Smartify?

    Really?

    1. Elmer Phud

      Re: Smartify?

      It's a last gasp attempt to get Smart car drivers to try annd emulate the name of thier vehicle rather than become the opposite as soon as the door is closed and the blinkers set in place.

  4. Steve Davies 3 Silver badge
    Big Brother

    Is that 50Hz Hum I hear or is this going to be 60Hz only?

    Thankfully (at the moment) Verizon's tentacles don't extend over the Pond.

    At least my old TR4A won't get it even if it does come over here. There is nothing electronic on it apart from the ignition system. Points are.... Pointless really.

    Before anyone asks there isn't even a Radio because that was an optional extra.

  5. Anonymous Coward
    Anonymous Coward

    a self-installed solution

    hell, and I read that as "well-installed solution" (from Verizon)...

  6. Anonymous Coward
    Anonymous Coward

    I'm one of the Hum 'early adopters', and a CDMA... well, reverse engineer.

    Modem inside the telematics dongle is a Sierra SL3010. Shows up on USB as a mux device with a bunch of serial ports hanging off of it. One of which is Qualcomm's glorious diagnostics interface. Plaintext configs are buried in the electronic filesystem of the device. I haven't done much to it from the USB side though I was able to change the numbers it called out on for emergency and non-emergency calls.

    Interestingly, the phone number programmed in the module is a non-reachable number (area code 500), and oddly, the data parameters seemed to suggest it was using Verizon's old QNC network for 14.4k data (via dialup) to upload the data it needed to push off to Hughes Telematics' servers.

    BTW, the device is the exact same as used by the State Farm insurance company for its' telemetry tracking programme.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like