A new quarter-sized gadget that will run you $60, plus some scripting, can help you hack a car and even automate the process of doing it. How? Just connect one end to your computer and the other end to the car.
Today’s average automobiles don’t really have any protection against hackers. I mean, why would they, right? Wrong. A new little device that will run you $60, together with a laptop, can allow you to hack nearly any car’s digital insides.
24-year-old Eric Evenchick plans to present this new device, which he calls the CANtact, tomorrow at the Black Hat Asia security conference in Singapore. The CANtact is an open source board, which Evenchick plans to sell for somewhere between $60 and $100. The device works by plugging one end into a computer’s USB port, while the other end plugs into a car or truck’s OBD2 port, which is a simple network port right under the car’s dashboard.
The CANtact offers an interface between any computer and a car’s controller area network, or CAN bus, which is the collection of connected computers inside the vehicle that controls everything the car does, from its windows to its brakes.
The CANtact is just a small piece of hardware. Combined with the open source software Evenchick is releasing for free, the tool will make car hacking far cheaper and turn it into an automated process for newbies in the field.
“I realized that there were no good tools for me to play around with this stuff outside of what the auto industry uses, and those are incredibly expensive,” Evenchick said, speaking to Wired and citing a number of products sold by companies that can run you into the tens of thousands of dollars. “I wanted to build a tool I can get out there, along with software to show that this stuff isn’t terribly complicated.”
That is just what Evenchick did, while stating that the device is not intended for malicious use. Instead, he said, it is meant for car hacking hobbyists and for security research into car hacking, which can hopefully shine a new light on vulnerabilities within cars and help fix them, a common threat that runs across any self-driving or smart connected car.
Car hacking has become extremely relevant over the past years, with researchers demonstrating in public just how easy it is to hack a car. One journalist was fortunate enough to see the action live at an abandoned parking lot, where the researchers took control of a car for a ride around the lot, controlling all of the vehicle’s functions from the computer, such as steering, accelerating, slamming on the brakes and even entirely disabling the brakes, all by sending digital commands to the car’s CAN bus.
Evenchick’s small $60 car hacking gadget aims to simplify the accessibility of that research, making it available to the masses. The demonstration noted above was completed by two security researchers, Chris Valasek and Charlie Miller, who used a $1,200 ECOM cable that they had hacked so they could connect it to their test vehicles’ OBD2 port. Evenchick’s CANtact would make such research seamless and much more affordable for the average hacker.
Most programmers today are not familiar with the protocol that cars’ computers currently use to communicate, which is also what Evenchick’s open source software for the CANtact hopes to simplify, automating most of the manual work CAN bus hacking requires. The CANtact is designed to send commands in Unified Diagnostic Services (UDS), the CAN protocol that automakers use to communicate with electronic control units (ECUs) throughout the vehicle.
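To make the UDS traffic described above concrete from the monitoring side, the following is an added example (not part of Evenchick's software) that reviews a constructed candump-style log and flags UDS requests carried in ISO-TP single frames. The request IDs (0x7DF and 0x7E0 to 0x7E7) are an assumption based on standard OBD addressing, and the function names are hypothetical.

```python
import re

# UDS request service IDs (ISO 14229) to surface when reviewing a capture.
UDS_SERVICES = {
    0x10: "DiagnosticSessionControl", 0x11: "ECUReset",
    0x22: "ReadDataByIdentifier", 0x27: "SecurityAccess",
    0x2E: "WriteDataByIdentifier", 0x2F: "InputOutputControlByIdentifier",
    0x31: "RoutineControl", 0x3E: "TesterPresent",
}
ELEVATED = {0x11, 0x27, 0x2E, 0x2F, 0x31}  # reset, unlock, write, actuate
# Assumption: legislated OBD 11-bit request IDs; real ECUs often use others.
REQUEST_IDS = {0x7DF} | set(range(0x7E0, 0x7E8))
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3})#((?:[0-9A-Fa-f]{2}){0,8})$")

def parse_candump(line):
    """Parse one candump log line into (timestamp, can_id, data) or None."""
    m = LINE.match(line.strip())
    return (float(m.group(1)), int(m.group(2), 16), bytes.fromhex(m.group(3))) if m else None

def classify(can_id, data):
    """Return (service, severity) for a UDS request in an ISO-TP single frame."""
    if can_id not in REQUEST_IDS or len(data) < 2:
        return None
    frame_type, length = data[0] >> 4, data[0] & 0x0F
    if frame_type != 0 or not 1 <= length <= len(data) - 1:
        return None  # multi-frame segment or malformed length: not decoded here
    name = UDS_SERVICES.get(data[1])  # None for e.g. OBD-II mode 0x01
    return (name, "alert" if data[1] in ELEVATED else "info") if name else None

def review(log_text):
    """List (timestamp, can_id, service, severity) for each UDS request seen."""
    findings = []
    for line in log_text.splitlines():
        frame = parse_candump(line)
        hit = classify(frame[1], frame[2]) if frame else None
        if hit:
            findings.append((frame[0], hex(frame[1]), *hit))
    return findings

# Constructed sample capture (not from a real vehicle).
SAMPLE = """\
(0.000000) can0 244#0000003A1B
(0.100000) can0 7DF#0201050000000000
(0.200000) can0 7E0#021003AAAAAAAAAA
(0.300000) can0 7E0#0227010000000000
(0.400000) can0 7E8#0667011A2B3C4D00
(0.500000) can0 7E0#101A2EF190AABBCC
"""
```

Calling `review(SAMPLE)` reports the session-control and security-access requests; the last line is an ISO-TP first frame, so a multi-frame request like it would need reassembly before this check could see it.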
Evenchick’s device allows anyone to write Python scripts that can then automatically execute commands throughout the car’s digital network, allowing hackers to trigger the check engine lights or even automatically begin pumping the brakes. “Most people have no idea there’s all this diagnostic stuff that someone who’s connected to the CAN bus can use to do all these interesting things,” Evenchick said. “What are the extent of those features? And what implementation problems exist that could be big security holes?”
Evenchick did note that which UDS commands matter when sent from the CANtact may depend largely on the vehicle and its specifics, possibly making things a bit trickier for amateur car hackers. But by releasing the software on GitHub, Evenchick hopes the program will become widespread and be tailored to different vehicles and their specific vendors. “It would be awesome if people messing around with their cars… could work together to build a library [of code] to do all this stuff,” Evenchick told reporters. “You’re a Honda owner, and someone else is a Honda owner. If they find some cool things to do and you want to play around with it too, they can share it.”
It should be mentioned that Evenchick is not releasing a tool that will allow just any hacker to begin remotely attacking cars. The CANtact is a physical piece of hardware that has to be plugged into the car itself as well as into a computer, but it does help automate the testing of security exploits throughout the car. Remotely hacking a car and taking it over is entirely possible through wireless attacks on the car’s Bluetooth connection or other built-in services, but that is not what Evenchick’s device is aimed at.
The more attention and testing automaker systems receive, the more secure they’ll become, Evenchick said, stating that you don’t really own a device until you can tear it apart and hack it yourself. Evenchick’s $60 CANtact device is a huge innovation in the car hacking arena and will make vehicle security testing affordable and a breeze. The device is on sale now and can be found on his official CANtact site.