Secure Car Sensor Analytics

On Thursday, August 4th, 2016, I visited Nathan Freitas, of the Guardian Project, at his home in Brookline, MA to see him and his intern, Casey Flanagan, set up an On-Board Diagnostics (OBD) solution that transmits car data securely by WiFi, using Tor, which is “free software and an open network that helps users defend against traffic analysis.”

This winter, Freitas had presented his “Internet of Onion Things” talk at the Army Cyber Institute at West Point on the risks of networked sensors and the potential for using Tor to address those risks. He pieced together a secure smart hub using Tor with a Raspberry Pi, using HomeAssistant software. The project received some good press; Ashley Carman reported on it in The Verge, as did Andy Greenberg in Wired in “Now You Can Hide Your Smart Home On The Darknet.” As Greenberg concluded:

While his HomeAssistant setup is mostly just a proof-of-concept designed to demonstrate a new form of security for DIY types, Freitas says he hopes it might also convince more mainstream Internet-of-things companies to take a similar approach, and consider integrating Tor. “We want to introduce the idea that Tor can be used this way, and to advocate that IoT vendors adopt and innovate with it,” Freitas says. “We’re ready to work with anyone interested in doing that.”

Extending the home smart hub work, Freitas is using a Bluetooth-enabled OBD (a USB connection could also be used) connected to a CHIP micro-computer to collect car data. Describing the process with another example, Freitas said, “Rather than buy a smart light bulb that is meant to talk to the internet, you buy a smart light bulb that has Bluetooth low energy and then the thing that talks to the internet is more of the smart hub…. The cost of tiny Linux-based ARM machines has dropped and running Tor on them is possible.”

By contrast, if you buy a smart light bulb with a proprietary solution, it is probably run through a server with a million flaws in it that could allow someone to hack into it, and your device could be added to a botnet. He described a Great Cannon denial-of-service (DoS) attack on a human rights organization in China, saying that it is not a question of if, but when, a cyber attack will be launched on a city, and that it will likely be one computer causing a chain reaction. In addition to such a major attack, juvenile delinquents or pranksters might just want to annoy their neighbors. He described a hypothetical swatting situation in which someone is playing an online game and a competitor gets mad because you killed their dragon, so they find your apartment information and call the police department saying there is a hostage situation, and the police raid your house. He said this happens all the time. Or, if a smart thermostat is connected to the internet in an insecure way, someone could turn the heat offline.

At Target, the hackers targeted the HVAC system, which was connected to the payments system, allowing them to gain credit card information. There is a similar ability with a car. The car manufacturer will say they have limited the damage that can be done, but it is not true.

However, using Tor, you can connect to any WiFi and hackers will not see any access from the car. They only see that you are using Tor. Without a secure connection, if Nathan is away and wants to check in on his home, there might be thirty hops — through other computers — and they can see his connection. So there is risk at every point. His main message is that there is “a looming crisis.”

Adding an IP address to simple devices, such as water pumps, can be very risky; “You can’t cut corners if you put it on the internet.” A Fitbit, connected by Bluetooth, is “super limited,” but is a “good decision versus WiFi.” A Pi Zero or CHIP is less than $10, and even less in mass production, and has Linux ARM and a proper technology stack and can use Tor.

As with HTTP, a threshold has been reached that makes it affordable enough and easy enough, and now Facebook, Google, and Twitter use HTTPS all the time, which makes sense.

Security companies have been uncovering problems — finding, for example, that they could hack a baby monitor. But, he says, “not enough people are finding a reasonable way forward.” This kind of solution, using Tor, can play a part in addressing the issue.

With that overview, Freitas turns to his intern, “So Casey where are we at? Should we take this down to the car?” They review a couple of last technical concerns and we head down to the car.

Nathan and Casey do a last minute check before heading to the car

Note: Casey, on the right, is holding a PocketCHIP, which they are using in the setup process. The CHIP is in a red case on the desk.

Magnanimously, Nathan has offered to let Casey test this on his truck, a faded blue Ford with a couple of packages of Goldfish crackers on the passenger seat. Casey is a UMass Amherst engineering undergraduate. I ask him, “Casey, how do you feel about using your car for this test?” He says, “I don’t know; I don’t think anything too bad can happen.” Nathan says that after this he is going to sneak it in his mother-in-law’s car, noting “the Prius has a lot more data points.” I tell Nathan that it is nice of him to test it out on his intern’s car and then his mother-in-law’s car. He defends himself, “I don’t own a car.” I respond, “That’s convenient. When are you going to internet enable that bike?” He says, “Never, that is my offline scheme for combating this stuff… I’m a big Battlestar Galactica fan — the old and the new — and in the new, to combat the Cylons, they have to go to all, old-school analog technology. But you can be high tech in other ways and use firewalls. But our ship will run off of gears and steam.”

At the truck, Nathan and Casey spend some time trying to pair the OBD and the CHIP. Eventually, after some troubleshooting, they determine that a tablet that they have been using seems to have blocked the OBD/CHIP Bluetooth connection.

Troubleshooting the Bluetooth connection

Once they turn off the tablet, the OBD/CHIP Bluetooth connection works. Nathan says that pairing can be tricky, but “once you do this once — it just works — it is paired.” Their next step will be to write a script to automate the process. With the connection made and the engine running, Nathan can now view the data in the terminal on his laptop, and when Casey revs the engine it registers, “throttle up.” And with that success they decide to break for lunch.

A few days later, after having to reflash the CHIP OS, and after Casey has driven around a bit, they send me some of the data that they have collected. They also added GPS to the CHIP.

The chart below shows estimated miles per gallon (MPG) by throttle position, where 18.039 is no throttle pressure. MPG was calculated as 7.107*odb.vss/odb.maf, with VSS the Vehicle Speed Sensor reading and MAF the Mass Air Flow reading (Source: MPG Calculation Information). No throttle pressure is the most commonly occurring throttle position, which might say something about the amount of time idling and 0 MPG (I believe coasting is correlated to very high MPH). Also, there are a small number of high throttle positions with low MPG.
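The calculation behind that chart, as an added example that is not code from Nathan, Casey or the Guardian Project: it derives the 7.107 factor from its physical constants, skips samples where MAF is zero or missing, and averages MPG per throttle position. It assumes the standard OBD-II units (VSS in km/h, MAF in grams per second); the field names and the sample readings are constructed for illustration.

```python
from collections import defaultdict

# Constants behind the 7.107 factor (stoichiometric gasoline assumptions).
AIR_FUEL_RATIO = 14.7        # grams of air burned per gram of gasoline
GASOLINE_LB_PER_GAL = 6.17   # density of gasoline, lb per US gallon
GRAMS_PER_LB = 454.0
MILES_PER_KM = 0.621371
SECONDS_PER_HOUR = 3600.0

MPG_FACTOR = (AIR_FUEL_RATIO * GASOLINE_LB_PER_GAL * GRAMS_PER_LB
              * MILES_PER_KM / SECONDS_PER_HOUR)   # about 7.107


def estimate_mpg(vss_kmh, maf_gps):
    """Instantaneous MPG from speed (km/h) and mass air flow (g/s).

    Returns None when a reading is missing or MAF is not positive
    (engine off, dropped sample); returns 0.0 while idling at a standstill.
    """
    if vss_kmh is None or maf_gps is None or maf_gps <= 0:
        return None
    return MPG_FACTOR * vss_kmh / maf_gps


def mean_mpg_by_throttle(samples):
    """Group samples by throttle position (%) and average MPG per group."""
    buckets = defaultdict(list)
    for s in samples:
        mpg = estimate_mpg(s.get("vss"), s.get("maf"))
        if mpg is not None:
            buckets[round(s["throttle"], 3)].append(mpg)
    return {pos: sum(v) / len(v) for pos, v in sorted(buckets.items())}


# Constructed sample readings (hypothetical, not data from the article).
SAMPLES = [
    {"throttle": 18.039, "vss": 0,  "maf": 3.5},   # idling: 0 MPG
    {"throttle": 18.039, "vss": 50, "maf": 5.0},   # coasting: high MPG
    {"throttle": 25.098, "vss": 60, "maf": 15.0},  # steady cruising
    {"throttle": 60.0,   "vss": 30, "maf": 40.0},  # hard acceleration
    {"throttle": 25.098, "vss": 60, "maf": 0.0},   # bad sample, skipped
]

if __name__ == "__main__":
    for pos, mpg in mean_mpg_by_throttle(SAMPLES).items():
        print(f"throttle {pos:6.3f}%  mean MPG {mpg:5.1f}")
```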

Estimated MPG by Throttle Position

The chart of VSS by throttle position is similar; though it registers higher VSS for the higher throttle positions:

Vehicle Speed Sensor (VSS) by Throttle Position

Cool. More analyses to come.

A note on data synchronization from Nathan (8/12/2016):

The data from the car was synchronized to the Home Assistant RasbPi-hub in the house over Tor. Casey synced the data when he was home in Scituate, and then also when he pulled into my driveway. Using Tor meant that there was no insecure client or server exposed to the open Internet, and that secure data synchronization could happen anywhere, not just when he was connected to my internal WiFi.

A note on Torque (8/12/2016):

I asked Nathan about Torque, an Android app, that allows for using phones versus the CHIP. Nathan agrees that Torque is super cool, but “it had problems syncing data to Home Assistant. It is also not open-source.” And Nathan “wanted to construct a system as much on open source software and hardware as possible.” I figured it would save on having to buy and hook up another device and would also allow for secure data transmission by Tor. This is true, but Nathan indicated that “a CHIP or RasbPi Zero + OBD2 is about $30–40 total, and can be permanently plugged into your car, so there are benefits vs a phone or tablet.” Yet, they are still interested in trying again with Torque.