back to article Want to remotely control a car? $20 in parts, some oily fingers, and you're in command

Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road. Car hacking device Car cracking on a budget The device, which will be shown off at next month's Black Hat Asia …

COMMENTS

This topic is closed for new posts.
  1. Eddy Ito

    Yes please

    Actually it could be just a kill switch and gps locator in case the car gets stolen and I'd be good. Not that it's likely someone would steal my car as it rolls toward 15 years old.

    1. sisk

      Re: Yes please

      Oh, so you have a PoS brand security system? I used to have one of those. Worked marvelously to. Forget to lock your doors? No worries. Leave your windows down? You're fine as long as it doesn't rain. Go into work and forget to turn the car off?* It'll still be there idling when you get out that evening. There are advantages to having a car no one wants to steal.

      *I didn't have time to get my coffee that day. This is why I say caffeine should be listed as an essential nutrient.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yes please

        I knew it wasn't just me!

    2. Hud Dunlap
      Unhappy

      @ Eddy Ito

      Don't count on it. I had one of those nondescript cars, nothing fancy and about six years old. Some one stole it, used it in a series of robberies and then trashed it.

      The Police said it was stolen because it was so nondescript the description of it wasn't useful. Oh and to add insult to injury, there were so many cars of that type around that even the junk yards wouldn't take it.

      1. proud2bgrumpy

        Re: @ Eddy Ito

        On the flip side, I have a 1930's styled kit car (all Ford running gear) that I never lock and the Insurance is super-low because it is of no interest to car thieves (too conspicuous) or joy riders (no back seats for their mates to sit in) or for robbers (too awkward to get in an out of and no storage)

        I'm no fan of *modern* cars - a car is a very hostile environment for delicate electronics (vibration / moisture etc). A car should be able to give you 20+ years of life - so adding delicate electronics to make up for mechanical inadequacies just ensures the lifespan of a modern car is maybe 10 years before it gets crushed - not so environmental after all...

        1. Michael Wojcik Silver badge

          Re: @ Eddy Ito

          I'm no fan of *modern* cars - a car is a very hostile environment for delicate electronics (vibration / moisture etc). A car should be able to give you 20+ years of life - so adding delicate electronics to make up for mechanical inadequacies just ensures the lifespan of a modern car is maybe 10 years before it gets crushed - not so environmental after all...

          I have to disagree - based only on anecdotal evidence for myself and acquaintances, of course, but there you have it.

          I too am a fan of cheap cars. My wife has a moderately nice car that we take on long road trips, and I work from home, so my car only needs to get me around locally. These days I have a 1997 Plymouth Breeze, which was by no means a good car when it was brand new. In the ensuing 17 years1, it's been a fleet car for the North Dakota state government, a personal car for a couple of college students, and routinely driven around the Midwest by my daughter before I ended up with it. Now it lives in Michigan, land of road salt and potholes. Outdoors, because we don't have a garage, and no doubt I'd have some better use for such a structure if we did.

          There's nearly 200000 miles on it now. I maintain it on a strict schedule of "ignore problems until car fails to operate safely, then whack it with the fixing stick until it's in the envelope again"; I have an oil filter and a set of plugs that I bought last summer and still haven't bothered to install. Windscreen's been cracked for the past four years or so. The last repair I did was to jury-rig a new socket for one of the fuses, as the existing one had disintegrated from corrosion; that got me a working radio and brake lamps.

          Starts every time, even in sub-zero (Farenheight) temperatures.

          When I was a kid, my folks owned Chrysler cars - Dodges. Even brand new, the damned things would stall in the rain every time; Dodge couldn't make a watertight distributor cap. We had a (gasoline-engined) Dodge van that would "diesel" (sputter and try to run) for a good 15 seconds after you turned the ignition off. My dad and I were always doing maintenance on the damned thing. At 17 years and 200000 miles, my Breeze is more reliable than that damned van was new.

          For that matter: In 2002 I bought a 1994 Dodge conversion van, to move pets and plants when we moved to Michigan. We had that thing for seven years or so, and it consistently ran better than the '78 Dodge van my parents had. Even when, after years of neglect, the oil filter spontaneously ruptured and my brother had to drive it back to the house with no oil.

          My daughter's now driving a 16-year-old Volvo wagon. Similar story: used hard and put away wet, but it keeps going.

          In my experience, modern cars are often a hell of a lot better than what we had in the '70s and for the most part in the '80s (though there were some standout cheap cars in the '80s, such as the Toyota Tercel and Honda Civic). I like old cars - not "classics", necessarily, but old workhorses that people really used for day-to-day tasks - but I'm not under any illusions that auto engineering and manufacturing hasn't gotten a whole hell of a lot better.

          And don't even get me started on tires.

          1It's old enough to drive itself, but it can't seem to pass the written exam.

      2. Kool-Aid drinker

        Re: @ Eddy Ito

        I had an old Astra that got nicked and used in a burglary. Unfortunately for the crooks, it wouldn't start when they tried to leave the scene of the crime just as the bill turned up. Burglary 101: leave the car engine running to facilitate a fast getaway.

        1. Morten Bjoernsvik

          Re: @ Eddy Ito

          >Burglary 101: leave the car engine running to facilitate a fast getaway.

          Nice :-).

          In Yakutsk, Siberia where the average temperature is -41C in january. On the coldest days

          people leave their cards running while they're on work to ensure it is nice and warm for the trip back home and to assure it starts. Bet what that is doing for the climate.

  2. Anonymous Coward
    Anonymous Coward

    This is probably how Michael Hastings was done in...

    http://en.wikipedia.org/wiki/Michael_Hastings_%28journalist%29#Death

    1. Destroy All Monsters Silver badge
      Paris Hilton

      From Desert Fox to Desert Ox

      Operators operating on him operationally?

      But ... wouldn't the disgruntled ones be military? Not known for large amounts of hack skills nor subtlety. Or intelligence for that matter.

      1. tom dial Silver badge

        Re: From Desert Fox to Desert Ox

        Recalling that the NSA is in the Department of Defense I would not be so quick to dismiss military hackers' skills or intelligence. On the other hand, the idea that the DoD put out a cyber hit on Hastings almost certainly is paranoid fantasy.

  3. dr2chase

    Untraceable?

    I don't think that word means what you think it does. Items from my currently open cart at Digikey keeps on appearing in advertisements, including on this very page.

    1. MrDamage Silver badge
      Headmaster

      Context

      You're reading comprehension skills obviously are not as great as you think they are.

      Untraceable in the instance means;

      Readily available, consumer store bought, with cash. Items such as this cannot be tracked back to the purchaser due to lack of serial numbers and other identifying markers. At best, the authorities will be able to find the manufacturer, but after that, they are at a loss. They will not be able to find out which distributor they were sent to, and thus, re-seller and end customer* will be a great unknown.

      *Obviously the customer would have to take care to wipe off fingerprints and and DNA evidence prior to deployment.

  4. Anonymous Coward
    Anonymous Coward

    Not every car

    First of all, not every car is VW group. Other manufacturers are undecided on CanBUS. Some still do good old analogue harnesses. BMW is pondering automotive Ethernet. It is only the VW empire which has gone CanBUS across their range.

    Second, I would not envy these guys. Bosch patent lawyers (which hold all key IPR on canbus) will be all over them. They might as well transfer any houses, car or any other property to someone else as they are about to be sued out of existence for violating key pieces of Bosch IPR.

    Third - this is showing the future of a car using a shared bus design (regardless of the type). Here is a device which carefully tries to do something to it. It "knows what it is doing". That is actually a best case scenario. Now think of a car where every lightbulb, socket, wiper, sparks, etc are all connected via controllers which will one day go duff. Anyone know a mechanic willing to diagnose a car where one out of several hundred entities connected to the bus is spewing garbage? Think of a car where the aircon goes up and down to max speed and off once a second because you have a duff reading lightbulb on the passenger side. Like it? Did not think so.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not every car

      First, you don't know what the hell your talking about, the can bus is used in many vehicles, not just VW.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not every car

        Quote: "First, you don't know what the hell your talking about, the can bus is used in many vehicles, not just VW."

        I actually do. While it is used in nearly every vehicle, only in VW you have entry points all over the place because the geniuses have put even the rare lightbulbs on CanBus. So (in theory) you can unscrew a rear light cluster, plug yourself into the network, screw it back and voila, you are done.

        In other vehicles it is a couple of nodes under the hood as well as a couple of nodes in the cockpit. The rest is good old analogue harness. This severely limits the amount of places where you can plug yourself in. In fact, you are not likely to have a point where you can hook to it which is externally accessible.

        The key premise of the article is that it is trivial to plug yourself in because the network is readily accessible and pervasive. The article also explicitly mentions the fact that you can plug yourself in at points which are externally accessible and outside the coverage of the car alarm.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not every car

          Again, you've no idea. Take the jeep wrangler for example, the fog lights are on the can bus. This has caused problems with people wiring additional lights up due to the canbus.simply do a search for jeep wrangler canbus to back my findings.

          I think the whole damn cambus is crap, just to install an aftermarket radio, one has to buy a special adaptor cable that cost more than a replacement stereo.

          Hack a day did a very good article on the can bus a few months ago on decoding the canbus, even went as far as explaining hardware neeeded.

          Yes, I've had some experience with the can bus.

    2. Darkimmortal

      Re: Not every car

      VW has probably the most complex implementation of CAN bus - it's pretty ridiculous what is possible on VW cars with the right software and cables.

      But you're entirely wrong about it being VW exclusive. It's on pretty much 100% of recent cars: http://en.wikipedia.org/wiki/CAN_bus

    3. Mephistro

      Re: Not every car

      "Anyone know a mechanic willing to diagnose a car where one out of several hundred entities connected to the bus is spewing garbage?"

      At the AC that posted this comment some six hours before mine:*

      It's not rocket science. The mechanic in question will have a device able to communicate with the vehicle's network and interrogate every device controlled. As some of them have been doing for some time already.

      On a side note, that's why the European initiative that promotes open standards in car's electronic systems makes a lot of sense in order to prevent consumer lock in, abuses by the car makers and security problems.

      Note:* Please, ElReg, bring back the time format you used before. The actual system is totally confusing.

    4. DropBear
      Boffin

      Re: Not every car

      First, as all the others said, CAN bus is everywhere. Second, those guys have not breached anything Bosch owns - CAN bus does not specify anything about what information travelling over it should mean, it just specifies how to shift packets of max. 8 bytes of data apiece - and simply using any chip with CAN built in grants you the right (paid for by the chip manufacturer to Bosch in royalties) to use it however you wish.

      And certainly, CAN says nothing about any encryption or security - if you want some, you have to roll your own on top of it. However, fair warning - unless you have hardware support for it built into the chip, something like an AES cypher takes bloody ages to run on a typical 8-bit micro. I'm not sure you'd like your airbag deployed a few milliseconds too late...

      1. Anonymous Coward
        Anonymous Coward

        Re: Not every car

        re: "I'm not sure you'd like your airbag deployed a few milliseconds too late..."

        Didn't you mean "I'm not sure you'd like your airbag deployed a tomorrow..."

    5. Tom 11

      Re: Not every car

      Even my 1994 Volvo 850 T5 has CAN-bus, one of the first to use it with the ODB II system.

    6. Eddy Ito

      Re: Not every car

      No manufacturer who sells vehicles in the US is undecided on CAN-bus because CAN-bus, ISO 15765-4, has been mandated as the generic OBD-2 interface by the EPA since 2008 and it also applies to OBD-M for all marine applications since the 2009 model year.

      Oddly for VW, the 2008-2011 Beetle only implemented CAN for the basic OBD-2 interface and relied on the slower ISO 9141 protocol for full diagnostics even though the Golf/Jetta had been full CAN since about 2005. The 2012+ Beetle is CAN only I believe.

  5. Synonymous Howard

    I recognize ...

    The Arduino Mini Pro (ebay £3), Bluetooth serial module (£3) and SD card module (£1) .. not yet sure what the green boards are (buffers? level converters?)

    1. DropBear

      Re: I recognize ...

      One of the green thingies has to be the CAN transceiver chip (I vote for the 8-pin one).

  6. Blain Hamon
    Unhappy

    Anyone else hoping it was more a kit that let remotely you drive a car around like on Mythbusters and occasionally on Top Gear?

    My car's immune by nature of being older than Intel's 4004 and having nothing more advanced than three mechanical relays in the regulator. I don't have security by obscurity as much as security by inability, really.

    1. sisk

      Don't the Mythbusters' remote control rigs usually depend on operating the gas, brakes, and steering wheels mechanically rather than plugging directly into the electronics? You just need a little robotics know-how for that sort of thing, not even as advanced as the hobbiests who build battle bots really.

      1. Blain Hamon

        Exactly that, sisk, and you're quite right. It's just that all that the mechanical machinery, hydraulics, and remote control bits and bobs, costs more than $20 in parts.

        1. Ben Bonsall

          Not to mention, once it's there it's quite hard for the driver to get in and not notice something amiss, a *long* time before the car steers itself into a tree and the airbag fails to deploy...

          1. J. Cook Silver badge
            Pint

            @Ben Sonsall

            ... or a fence, as the mythbusters have done. repeatedly. the same section, even. :)

  7. sisk

    So basically the concern here is a high tech version of cutting the brake lines? Other than causing wrecks (which, don't get me wrong, would be bad) the only other potential for mischief I see here would be pranks. Dangerous, stupid pranks, but still pranks. Or am I missing something?

    Yeah it should be locked down, but I don't see it being a real high priority for the auto makers.

    1. Why Not?

      Disabling alarm, creating a near undetectable crash for insurance fraud, disabling alarm, planned carjack etc.

      plenty of possible uses.

      it should be locked down but it costs a few pence per car to do that.

  8. Cheese

    Money Earner

    Maybe they can get the contract for the car disabling kit:

    http://www.bbc.co.uk/news/world-europe-25961096

  9. John Deeb

    obligated conspiracy model

    The question comes to mind if it would be already out in the wild, like a range of custom miniature radio-controlled devices, tapping into engine controls to cause car accidents with complete deniability. The police would not recognize these bits as being foreign to the rest of the car electronics. Hmmm did the Mercedes W140 (1997) engine control unit had any access points?

  10. Donald Becker

    I'm seeing an Arduino Mini, bluetooth module, and SD card module with SD card. That's over $20 right there. The hand soldered boards are likely a MC2515 CAN controller and CAN transceiver.

    You would have to work pretty hard to create havoc with this kit, and it would be very, very model specific.

    Most cars have at least two CAN buses, and often more. If they are designed with version that might be sold in the U.S., they have one CAN bus for OBD2 diagnostics. Once they are using CAN for that, they like use a second CAN bus for the engine control (isolated to prevent malfunctions), one for ABS/steering/stability, and perhaps a another for body and instrument ECUs. Throw in a few slower buses for radio and climate control, lighting, etc. and their is quite a bit to talk to, and this kit is far from being able to handle it.

    There are typically bridges between the buses in order to perform diagnostics from a single point. But again, it's very model specific. And usually quite slow. You won't be able to jam messages, nor flood reply with incorrect information. (Of course you wouldn't be able to do that with an Arduino hooked up to a MC2515 either.)

    1. h4rm0ny

      >>"You would have to work pretty hard to create havoc with this kit, and it would be very, very model specific."

      With this, perhaps. I don't know. But unless there are actual hardware compatibilities which appears to not be the case, surely it's a very small step from this to something you could run from a computer or smartphone and use with almost any car that uses this system. I'm picturing a generic app that you just load up the appropriate make and model of car you want to work with. What's wrong with my understanding here?

    2. kwhitefoot

      My Rover 75 has three separate busses: CAN for critical engine and transmission stuff, K for chassis (karosserie) mounted stuff like entertainment systems and non-critical items, and a lower speed one that handles the security system. I suspect this is true also of BMWs of the same era.

  11. Anonymous Coward
    Anonymous Coward

    Don't tell Marvin the Martian

    CAN gets used for communication between systems on Mars rovers too...

    1. Richard Taylor 2
      Happy

      Re: Don't tell Marvin the Martian

      Well that must be the physical analogue of 'security through obscurity' :-) - several hundred million k of obscurity

    2. Alan Brown Silver badge

      Re: Don't tell Marvin the Martian

      "CAN gets used for communication between systems on Mars rovers too..."

      More likely to be SpaceWire - which is CAN-derived, but not CAN as such.

  12. Anonymous Coward
    Anonymous Coward

    VW Has an evil defence built in.

    On several new AUDI/VW/SEAT etc, if you plug in an ODB Reader and read the ECU engine map out, you will immediately blow some on chip fuses and your car is then utterly immobilised. From READING, not writing.. TRI-Core CPU with "Tuning Protection" i believe, in all cars from 2011...

    Dirty dirty tactics.

    Off topic slightly but still worth knowing.

    1. h4rm0ny

      Re: VW Has an evil defence built in.

      >>"On several new AUDI/VW/SEAT etc, if you plug in an ODB Reader and read the ECU engine map out, you will immediately blow some on chip fuses and your car is then utterly immobilised."

      So they've built in a way for anybody with a six quid device to completely bork any of these cars invisibly and untraceably?

  13. Moses

    Err, sorry, all you fully feathered vultures and associated fowls.

    I have just know registered as a commentard and so then I absorb your alleged ability to squawk forth from my priveledged perch down into these lower places hereabouts. Wherin I am up to my chin, I know.

    I say, can you hear me?

    If so then I say carry on and well done.

    I am in America and will not brag thereof. Accident of birth as are all the minutiae of my life. Just like . . . why, yours!

    Hello, then.

    So, then, who among us trusts the assurances that filter down from above?

    (shoot -- not too long ago twenty dollars worth of tools and the gentle instructions of the old men who taught me how to spin a wrench would have had all of you gridlocked; provided I could get under all your hoods.)

    You only go because your car is independent. Comes the day that it is dependent is the day you cannot go.

    1. Elmer Phud
      WTF?

      As per icon

      "I say, can you hear me?"

      1. Mephistro
        Pint

        Re: As per icon (@ Moses)

        "I say, can you hear me?"

        Loud and clear. Still don't know fut the whack you're talking about.

        Anyway, welcome to the forums, Moses. Make yourself comfortable.

    2. 404
      Black Helicopters

      well now

      A 'Moses' curbstomped my TH 6 hours ago. Then a 'Moses' shows up here...

      Coincidence? I think not...... cue up peasants..... A WITCH A WITCH!

      ;)

      p.s. just so happens we're looking for a new family car. Had been considering a real heavy metal 60s-70s non-computer one. This article pretty much nails it down. A nice 72 Chrysler New Yorker perhaps... bang <crinkle crinkle> what was that? Oh. Prius....

      1. A K Stiles
        WTF?

        Seeking enlightenment?

        Hey 404 - 'Curbstomp' - not one I'd come across before but, nasty. Any chance you could expand on 'TH' for the hard of thinking? Options I found so far were 'Table Header' (non xHTML compliant), Thorium, the Thai language, but none of them seemed to fit the context...

        1. 404

          Sorry... was side-tracked

          TH= My Town Hall lvl 5 in 'Clash of Clans' - an IOS/iTunes game that was recently (last October) ported over to Android and Google Play. Addicting. Rooted & cyanogen modded two Kindle Fires so far just to play the damn game (wife got hooked too).

          Curbstomp= British reference (where I picked it up anyway, Daily Mail can be very graphic). noun? Verb? Place unconscious person's mouth on edge of curb, stomp back of head. Yes, very nasty. Best kill me, ya know? Somebody who would do that wouldn't be hard to find if you know what I mean.

          In this case, 'Moses' with his lvl 8 TH and all the benefits that implies, used a freaking Barbarian King in his attack. A_Barbarian_King_On_My_TH5. Insulting. You get one chance at revenge and I'm saving it.

          ;)

          on a side note: Supercell is pretty damn smart with their game, free to play, but with in-game microtransactions, we're in $100 already just to hurry things along. Learning patience and discipline though lol. Damn it. lol.

          *edited we're the PtewPtew Gotcha clan hehe

  14. John Smith 19 Gold badge
    Coat

    Oh, the Boston Brakes revisited.

    Mine's the jacket with a copy of "The Feather Men" in the side pocket.

    Safe driving.

This topic is closed for new posts.

Other stories you might like