DARPA (Defense Advanced Research Projects Agency) Hacks the Prius!

I just want the call button to activate Siri.

 

Hell. I just want to get the nav to work properly. Maybe DARPA can do better than Toyota with their hack. Otherwise, just use cellphone as Nav.

 

They didn't remotely hack into the car. It's clear that they removed the dash and directly connected to the car's bus. It looks like their contract was running out and the needed something to show for the wasted DARPA money.

 

it looks like these hacker used a wired harness to take over the Prius (obd2-can bus) network connection to the main computer. All the computers on the Prius use one computer network line - so all the hackers need to know is the network data record format and the inter computer command messages formats to hack it.

Pretty useless. However, if they had a PC laptop based data logging ECU diagnostic computer for the 3rd generation Toyota Prius that would have commercial value.

 

Can't wait to see what they can do when they marry a Prius with their "Big Dog"

 

Maybe DARPA was the reason that Toyotas accelerated uncontrollably.

 

I found another article:
Hackers Reveal Nasty New Car Attacks--With Me Behind The Wheel (Video) - Forbes

Keep the links handy as we can use them for the next "Prius EMI" thread. <GRINS>

Bob Wilson

 

Others have shown how to hack the wireless, or hack through a cd in cars with dvd based navigation interfaces into the car. THey mentioned on-star as the one demonstrated wireless hack. Darpa doesn't want to tell the general public how to do this. The darpa money was expressly to see what could be done to a car after someone hacks the wireless. It appears that they tapped into the self parking features to do the most dangerous things. They can also mess with the speedometer, but hopefully most can safely drive even if the speedometer is hacked.

If you read the article, they hacked the prius and a ford escape, it was not Toyota specific. It only does affect connected cars with advanced features. Hopefully the hacks will inform the car companies how to make their software more secure.

 

None of the Telematics wireless network features can drive the car. However, OnStar and other automotive Telematic systems can be hacked by wireless remote control units so that an unauthorized person can unlock the car door ( a problem if you are a government agent thinking locking the car door will protect you from Mexican drug lord cartel kidnappers/assassins).

 

The speedometer hack is more interesting. I'm running over-sized tires on our 2003 which in effect provides over-drive. The speed and distance reports lower than true values.

Bob Wilson

 

Once you are in a networked system, you often can gain access to other functions if they are not walled off. If a car has self parking features, it likely has hackable brakes, steering, and acceleration. These can be walled off from a wireless network system, but I doubt they are right now. On many systems, the brakes can be hit remotely.

My name, address, and social security numbers have been hacked from three different systems. These were supposed to be secure. One of them, the state system, was left open by negligence. Can these systems be made secure. Absolutely. Do I trust the major car companies to do it without pressure? Absolutely not. They make money selling these features and seem to be oblivious to many good software principles. I am sure though that once specific holes are publicized they are more likely to fix the software. Lojack is likely the system most likely to be hacked.

 

The Prius computer network can be accessed via the OBDII/CAN port which is underneath the driver's steering column - Why did the DARPA consultant have to remove the dashboard to access the CAN network when they could have just ordered a OBDII/CAN port cable from Amazon?

I have read that GM's OnStar has been able to slowed down a stolen speeding OnStar vehicle long enough to assist the police in the recovery of the stolen OnStar vehicle. Along with automatic GPS tracking to recover a stolen vehicle - OnStar has a 24 communication link with the car to monitor everything. If something goes wrong or if the car is hack - it is more than likely OnStar will figure it out before the driver does. Automotive telematics, like OnStar, are normally on the most expensive cars and are still very rare. Toyota's telematic subscription service which is available only on high-end Prius as an installed option is called Safety Connect [1] from what I understand it is similar to GM's OnStar. That means - you need a pretty expensive and rare Prius to start with... before even justifying such hi tech hijinks.



If I had that much time on my hands (and that much money) - I would have a Prius Hybrid Synergy Drive diagnostic scanner computer.


Antivirus and Security Software more often than not is just band aid approach to a fundamental security design flaw. The simplest and least expensive network-secured systems are *isolated* systems. Security *wall* more often than not can be breached as long as there is a viable network connection.

[1]
Safety Connect - Wikipedia, the free encyclopedia

 

Yes to do the most hacking you need onstar/safety connect/one of these systems. If you don't have one, the other way mentioned is through some DVD based factory navigation systems, but inserting a virus. They can't hack my low end prius II with aftermarket navigation. The system that is most dangerous is self parking with one of these connected systems.

 

"Better to experience the panic of a digitally hijacked [car] now than when a more malicious attacker is in control. “If the only thing keeping you from crashing your car is that no one is talking about this,” says Miller, “then you’re not safe anyway.”"

Hackers Reveal Nasty New Car Attacks--With Me Behind The Wheel (Video) - Forbes

 

You can't connect to the internal network wirelessly. You can hack something with no interface.

The only time anything like this would be remotely worrisome is if you had a hit squad after you and they broke into your car and planted an interface module so they could control it at a later date. Why do through that trouble? If you are not already worried about these sorts of threats, you aren't important enough for someone to go through the trouble. Cutting brake lines, car bombs, or other forms of sabotage are much easier and more common. Planting a device in a vehicle to crash it is pretty traceable as well.

 

All the same one should take notice if you see an extra wire leading from the ECU to a fellow's laptop in the back seat.

 

Edward Snowden probably ought to check for this sort of stuff next time he drives anywhere.

The greater risk is when someone packages this as a Bluetooth accessible OBD2 command generator toolset.

 

Would a system like OnStar provide this type of access???

 

Yes.