Car Hacking Deconstructed

Brian Benchoff
Published in Supplyframe
Aug 28, 2019

A car isn’t the product of a vast manufacturing apparatus that turns iron ore into sedans anymore. As with everything, cars are tech now, and they’re filled with microcontrollers, embedded systems, and infotainment systems.

With the rise of stuffing electronics in cars, it was only a matter of time before they were hacked. It’s been this way for years now, with people running cars off the road with a smartphone, but the reality is much more banal: hacking your own car is an excellent way to introduce yourself to embedded systems, and gain a little more control over the electronics you already own.

At this year’s Def Con, GRIMM, a cybersecurity outfit built around cars, car hacking, and all the electronics that go into modern transportation appliances, was there introducing the masses to car hacking, reverse engineering, and getting a handle on the computers you already own. We talked with Ac0rn about the message behind GRIMM and what it means for the future of auto manufacturing.

A Mobile Car Hacking Lab

A mobile car hacking lab isn’t necessarily mobile, despite being, you know, a car. GRIMM brought out 3PO, a deconstructed 2012 Ford Focus. It’s a car without all the heavy parts, but it does include the Electronic Control Units, the dash cluster, motors for the windows, and solenoids for the locks.

3PO is meant to be a test-bed for securing embedded devices, reverse-engineering, and hacking on cars. This can be done just through a CAN to USB adapter plugged into a laptop, watching the messages pass through the car’s system, and replaying those messages.

Changing Your Oil is The Gateway to Car Hacking

Beginning in 1996, all new cars sold in the US were required to have an OBD-II diagnostic connector, ostensibly for emissions testing. There’s a lot more going on in this connector. Various manufacturers route access to the CAN bus, a connection to the infotainment system, and every single computer in the car through it. If your check engine light is on, you might be able to save a trip to the mechanic by plugging in an OBD-II adapter. These are readily available from the usual online retailers, and with a few clicks you can reset that oil life indicator, or see that your O₂ sensor is broken.

An OBD-II diagnostic reader is a welcome addition to any garage, but there’s a secret to these devices. Depending on the model, you can listen in on all the messages being passed back and forth in your car. From there, it’s a simple matter of looking at the messages passed when you unlock your door, then replaying that message to lock it again. This is the Hello World of car hacking, and it’s as simple as using a tool to reset your oil life and a laptop.
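The comparison described above, as an added example that is not from the original article or from GRIMM: it parses two text captures in the `candump -l` log format of Linux can-utils and reports payloads that appear only while an action is performed. The capture tool, the arbitration IDs and the payloads are assumptions constructed for illustration, not values from the Focus.

```python
import re
from collections import defaultdict

# One candump -l log line: "(timestamp) interface ID#HEXDATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")

def parse_candump(text):
    """Return a list of (timestamp, arbitration_id, payload_bytes)."""
    frames = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or len(m.group(4)) % 2:
            continue  # skip blanks, remote/FD frames and truncated payloads
        ts, _iface, can_id, data = m.groups()
        frames.append((float(ts), int(can_id, 16), bytes.fromhex(data)))
    return frames

def payloads_by_id(frames):
    seen = defaultdict(set)
    for _ts, can_id, data in frames:
        seen[can_id].add(data)
    return seen

def new_during_action(baseline, action):
    """Map each ID to payloads seen during the action but never at idle."""
    idle = payloads_by_id(baseline)
    result = {}
    for can_id, payloads in payloads_by_id(action).items():
        known = idle.get(can_id, set())
        if len(known) > 1:
            continue  # already varies at idle (counter or sensor), so it is noise
        fresh = payloads - known
        if fresh:
            result[can_id] = sorted(fresh)
    return result

# Constructed captures: IDs and payloads are invented, not from any real vehicle.
BASELINE_LOG = """(1566950400.000100) can0 110#0000A0
(1566950400.010200) can0 2F0#0000000000000000
(1566950400.100300) can0 110#0000A1
(1566950400.110400) can0 2F0#0000000000000000"""
ACTION_LOG = """(1566950460.000100) can0 110#0000A0
(1566950460.010200) can0 2F0#0000000000000000
(1566950460.050000) can0 2F0#0100000000000000
(1566950460.100300) can0 110#0000A2"""

if __name__ == "__main__":
    found = new_during_action(parse_candump(BASELINE_LOG), parse_candump(ACTION_LOG))
    for can_id, payloads in found.items():
        print(f"{can_id:03X}: {[p.hex() for p in payloads]}")
```

A classical CAN frame carries no sender authentication or freshness value, which is why a recorded frame is accepted when it is sent again.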

This Isn’t Chip-Swapping an Engine Tune Anymore

Back in the day, if you wanted more performance out of your car, you could fairly easily break open the ECU, pull a few chips, and drop some new ones in. Now it’s a bit different. Manufacturers have caught on, and there are standards now. If you want to modify your car, GRIMM has all the tools and techniques you need, and tutorials abound.

While most of the attendees hacking on the 2012 Focus at Def Con were toggling locks and rolling up the window, there are huge implications in the field of security and safety. Over the last decade, John Deere has been locking farmers out of their tractors, and farmers have been hacking them. This is the basis of what GRIMM is doing — giving people the tools to use what they own to the fullest extent, and nowhere was that demonstrated better than a deconstructed Ford Focus at Def Con.
