Hello readers! In this tutorial, I will explain more about car hacking, its possibilities, and the tools that can be used for hacking a car.
In this tutorial, I will go through:
- Electronic Control Unit (ECU)
- The Interconnected Car
- The CAN Bus Architecture
- CAN Data packet Structure
- How insecure is CAN bus
- Securing the automobile
- Tools that can be used in Car Hacking
Modern automobiles are monitored and controlled by several computers, sensors, etc., which are connected together by internal vehicular networks. This transformation increased efficiency, safety and performance, but it also introduced some modern-day threats. At the Black Hat security conference, automotive cybersecurity researchers Charlie Miller and Chris Valasek presented their car hacking research, including their hack of a 2014 model Jeep Cherokee. Charlie and Chris hacked into the 2014 Jeep Cherokee by carefully exploiting its CAN Bus architecture, and managed to control the braking, acceleration, etc. of the vehicle. So how did they manage to do it?
Electronic Control Unit (ECU)
An ECU can be considered the computer of the car. It controls one or more electrical systems, for example the different sensors of a car. There are multiple ECUs inside a car; a modern-day car has more than 50 ECUs to control its systems. The key elements of an ECU are the Core, Memory, Inputs and Outputs. Core: a microcontroller. Memory: SRAM, Flash. Inputs: Supply, Digital Inputs, Analog Inputs. Outputs: Relay drivers, H-bridge drivers, Injector drivers, Logic outputs.
The Interconnected Car
This image shows how interconnected a modern-day vehicle is. As you can see from the image, the car is powered by a lot of electronic components that are networked together.
What is CAN Bus?
CAN Bus is a single centralized network bus which carries everything from operator commands to sensor readings. It is a vehicle bus standard designed to allow electronic control units and devices to communicate with each other in applications without a host computer. CAN Bus is a message-based protocol.
In CAN Bus,
- Any node is allowed to broadcast a message
- Each message contains an ID that identifies the source or content of the message
- Each receiver decides whether to process or ignore each message
With and Without CAN
CAN Bus Data Packet Structure
CAN Bus Security Issues
- 30-year old architecture
- Lack of Segmentation and
- Lack of Device Authentication
- Unencrypted Traffic
- Fragility to DoS
Capturing, Analysing and Modifying CAN Bus Message to Hack a Car!
If we want to take control of the car, we need to be a part of the CAN Bus network. There are different ways to do that:
- Connect our device to the diagnostic port (a device like the Macchina M2 is very small, smaller than a pen drive, and can be used to capture and reverse engineer the data packets)
- Push a malicious software update containing our backdoor to the entertainment system
- If there is an option to connect to the car, say through WiFi, establish a connection with it and sniff the data packets
Macchina M2 is a piece of hardware which can be used to capture the CAN Bus data, modify it and send it back to the car network.
You need to buy the Macchina M2 hardware from https://www.macchina.cc/
You can download the Software from GitHub
Steps To Follow!
- Connect the hardware to the on-board diagnostic port and connect the device to our computer via WiFi
- Open the given software
The GUI will look like this!
Messages from each component will be shown under a particular ID, and we can program our device to broadcast a particular message to the CAN Bus. First, we need to identify which component is mapped to a particular ID. That can be done by observing the changes while applying and releasing the brake. Once we identify that particular message, we clone it using the tool and program our device to continuously broadcast that message to the CAN Bus, thereby taking control of the braking system.
Securing The Automobile
Automobiles can be secured by,
- Device Authorization
- Security by Design
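The continuous rebroadcast described earlier changes how often an ID appears on the bus, which a monitoring node can detect. The following is an added example, not part of the original tutorial or any tool it mentions: it assumes `candump -l` style log lines, and the IDs, payloads and timings are constructed sample values.

```python
import re
from collections import defaultdict
from statistics import median

# candump -l style line: "(timestamp) interface ID#HEXDATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#((?:[0-9A-Fa-f]{2})*)$")

def parse(lines):
    """Return (timestamp, can_id, data) tuples sorted by time."""
    hits = (LINE.match(line.strip()) for line in lines)
    return sorted((float(m[1]), int(m[2], 16), bytes.fromhex(m[3])) for m in hits if m)

def learn_periods(frames):
    """Median inter-arrival time per ID, learned from known-clean traffic."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in frames:
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {can_id: median(g) for can_id, g in gaps.items()}

def detect(frames, periods, ratio=0.5):
    """Alert on IDs never seen in the baseline and on frames that arrive
    sooner than ratio * the learned period for their ID."""
    last, alerts = {}, []
    for ts, can_id, _ in frames:
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last and ts - last[can_id] < ratio * periods[can_id]:
            alerts.append((ts, can_id, "too-fast"))
        last[can_id] = ts
    return alerts

def constructed(start, period, count, can_id, data):
    """Build constructed sample log lines (not captured from a vehicle)."""
    return [f"({start + i * period:.6f}) can0 {can_id:03X}#{data}" for i in range(count)]

# Baseline: hypothetical ID 0x0F1 every 100 ms, 0x1A0 every 20 ms.
BASELINE = constructed(0, 0.100, 20, 0x0F1, "0000") + constructed(0, 0.020, 100, 0x1A0, "11223344")
# Monitored window: same 0x0F1 sender, plus a second node repeating 0x0F1
# every 10 ms from t=0.505 s, plus one frame with an ID absent from the baseline.
MONITORED = (constructed(0, 0.100, 10, 0x0F1, "0000")
             + constructed(0.505, 0.010, 20, 0x0F1, "FF00")
             + constructed(0.300, 1.0, 1, 0x7E5, "01"))

if __name__ == "__main__":
    for ts, can_id, reason in detect(parse(MONITORED), learn_periods(parse(BASELINE))):
        print(f"{ts:.3f}s id=0x{can_id:03X} {reason}")
```

Genuine frames that arrive just after a repeated one are flagged as well: timing shows that two senders are using the same ID, but because CAN has no device authentication it cannot tell which frame is the forged one.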
Other Tools!
Download it from: https://github.com/newaetech/CANoodler
It can be used to sniff messages from the CAN Bus.
Download it from GitHub
To be continued …..