Craig Smith does car hacking as safely as possible. The softly-spoken security researcher doesn’t take risks like cutting cars’ power on public roads, as executed on a Jeep by researchers last year. Indeed, he warns against such stunt hacking, something he tends not to partake in. Yet Smith is one of the pre-eminent automotive security experts on the planet, author of the Car Hacker’s Handbook and the founder of the Open Garages vehicle research lab.
Now Smith wants to let everyone, even those without any technical ability, start finding security problems with their automobile. This week at the Nullcon conference in Goa, India, he’s releasing a free tool, UDSim, that will automatically start “fuzzing” a car at the click of a button. Fuzzing sees different kinds of junk data thrown across a network, the point being to seek out errors. Where those errors are returned, a security hole may lie, one possibly exploitable by hackers. Smith has incorporated the Peach fuzzer, an open source framework, into UDSim.
All users require is a laptop and a connection to the car’s OBD2 port, typically used for diagnostics at dealerships and garages. The hardware can be purchased for as little as $20. And Smith plans to have the tool save results into an easy-to-read text file to make the results legible for non-technical users.
UDSim is an expanded, user-friendly version of a tool Smith released last year, which sought to expose a potential weakness in vehicles: the use of OBD2 diagnostic tools to spread malware. The older system used hardware called ODB Gateway (ODB GW), a tribute to Ol’ Dirty Bastard, the late Wu-Tang rapper, and a common mispronunciation of OBD (on-board diagnostics). Combined with fuzzing software, it sought to expose flaws in diagnostic tools. Smith believes that a “Trojan car” containing malware could pass on infections to those tools, which could in turn jump on to other cars, though he thinks the easiest way into a dealership’s network would be through the often-shoddy Wi-Fi.
Unlike its predecessor, which was usable only from the command line, UDSim is controlled via a simple graphical interface. It also does more than fuzzing; the software maps out the car network, known as the CAN, automatically identifying modules the user can interact with. After that, there’s no need to use a physical car to test for vulnerabilities. “Once it’s learned the car, it can learn to be the car,” Smith told FORBES. Just feeding a log file from the car will create the emulated version, allowing testing away from the vehicle.
Once errors show up, however, the average person’s attempts to find weaknesses in their car’s network will likely founder. Determining just why those errors occurred will require honed reverse engineering skills and an understanding of how the CAN operates and which functions relate to which data packets.
But Smith, who is also part of the industry education body I Am The Cavalry, wants to further empower car owners. He believes within the next year he will have crafted a full vulnerability scanner compatible with most models. This means anyone can connect their PC to their car and uncover vulnerabilities, ones that real-world hackers might exploit to take control of vehicles remotely, something that has only ever been shown to be possible a handful of times. “For me personally I’m working more towards that. I do have penetration testing tools for cars, but they are not pretty. I feel that’s important,” Smith added.
Smith’s software will be downloadable from GitHub once he’s introduced it at Nullcon. Video tutorials will also be available on the Open Garages YouTube page.
More car hacking made easy
Meanwhile, former Tesla intern and car security expert Eric Evenchick is improving his own vehicle reverse engineering kit, also now available with a basic graphical user interface. His program, by mimicking certain diagnostic tools that cost upwards of $500, makes it simpler for users to determine what signals relate to which functions in a vehicle. “Once you know what those signals are, you can send fake ones,” he told FORBES. “I’ve accidentally discovered ways to unlock doors.”
Evenchick’s creation is a simple Java program, also downloadable from GitHub. He’s already been testing the airbag functions in a Toyota Prius, though he hasn’t gone so far as to pop them open with the push of a button.