Jump to content


Photo
- - - - -

Security risks of android auto


  • Please log in to reply
7 replies to this topic

#1 lindabrownms

lindabrownms

    Newbie

  • New Member
  • Pip
  • 1 posts

Posted 04 May 2018 - 04:55 AM

I've been a sci-fi fan from my childhood and have seen just too many sci-fi movies. I recently started using a car with android auto i has got me wondering how easy could it be to hack. Already there are videos on the internet of hacking Jeep vehicles. So I talked to a friend who works at this cyber security consulting company. So he told me everything is vulnerable. But I need more insight on this. I hope the people here can help me out with this.



#2 mikefamig

mikefamig

    Cocoonut

  • Registered
  • PipPipPipPip
  • 3293 posts
  • Experience:novice
  • Hardware:Elk M1
  • Tech:UPB
  • CCTV:ip

Posted 04 May 2018 - 08:40 AM

I have Ford Sync in my truck but the wifi service is not enabled. It's a pay service that I can live without. But the hardware is still there so I suspect that the manufacturer may use it for their own purposes. You can buy a car that does not have any electronic options but it will still have a cpu that runs the ignition and accessories so there will always be the potential for hacking in my mind. It would depend on whether the manufacturer put a nic or other communication device in the cpu.

 

Mike



#3 kwschumm

kwschumm

    Cocooner

  • Registered
  • PipPip
  • 80 posts

Posted 04 May 2018 - 11:25 AM

Any car with any two-way wireless connectivity has the potential of being hacked remotely.

 

Any car with electronics accessible with a physical connection (like ODB diagnostic ports) has the potential of being hacked in person.

 

Any car that doesn't fit in the above categories can be messed with in person, but "hacking" isn't a term I'd use there. Even an old car with no electronics whatsoever can be tampered with to cause a breakdown.

 

I don't much care for new cars with all the gadgets so I repair and drive older ones (grew up repairing cars so it's second nature). It's not necessarily cheaper to do this, parts can get expensive. I do like a GPS but the portable units work fine, are easily updateable and replaceable.


Edited by kwschumm, 04 May 2018 - 11:29 AM.


#4 pete_c

pete_c

    Cocoonut

  • -=Gold Supporter=-
  • 8672 posts
  • Location:House
  • Experience:average
  • Software:Main Lobby, Open Source Automation
  • Hardware:HAI OmniPro II, Mi Casa Verde Vera, Ocelot
  • Tech:X10-PLC, X10-RF, UPB, INSTEON, Z-Wave, ZigBee, 1-Wire, xAP, xPL, ALC
  • Audio:Russound
  • Video:MythTV
  • CCTV:analog, ip, dvr
  • Phone:Asterisk, FreePBX, Ooma, POTS, VoIP via ISP

Posted 04 May 2018 - 01:16 PM

Welcome to the Cocoontech forum lindabrownms.

 

Today we live in an age of the use of the Internet for just about anything whatever OS is being utilized.

 

Smartphones which are always on always communicate with the internet in a two way conversation whatever OS you utilize.

 

The internet today is now in your home with two way internet appliances (or whatever) that communicate with the internet 24/7.

 

So beneficial to automobile mfg's two way communications between your automobile and the internet will allow car mfg's to be able to check on your vehicle's hardware and if it is functioning OK.  This is a win win for the car mfg's today.  Smart self driving vehicles are around the corner.

 

Basically there will be acceptance en masse of this sort of stuff or not.  

 

So he told me everything is vulnerable. But I need more insight on this.

 

As mentioned above it is.    It is the world we live in today.  This does relate to anything you do on or with the Internet today. 

 

Where there is a will to compromise there is always a way.   

 

IE: lately there has been a push now of implementation of smart card credit cards. 

 

The technology was comprised in the 1990's. 

 

There was actually a contest to see who could do it first would win a million dollars. 

 

Somebody did win and made much more than a million dollars after the fact.



#5 wuench

wuench

    Cocoonut

  • Registered
  • PipPipPipPip
  • 1605 posts
  • Location:St. Louis, MO
  • Experience:guru
  • Software:Harmony, Open Source Automation
  • Hardware:Elk M1, ISY-99
  • Tech:INSTEON, Z-Wave
  • Audio:Sonos
  • Video:Custom
  • CCTV:ip
  • Phone:OBi100/110

Posted 04 May 2018 - 01:19 PM

Yep the more advance the more opportunity to be hacked.  The entry points are of more concern than the actual OS (like android auto or apple whatever) running on top.   Also of concern is any manufacture that  provides remote access but doesn't provide a way to update the cars software without you having to take it in.   

 

  • Cell connectivty (OnStar, etc) it  can be accessed remotely by the manufacture whether you pay for their service or not.  You can also expect that data on your cars usage is being collected and can be released to the authorities. 
  • WIFI
  • Any device connected to your ODBII port that offers bluetooth or wifi connectivity. Beware cheap generic devices that allow you to access car data via a phone app.  I have looked at some of these and some of them absolutely expose the  ODBII  access within limited wireless range with no security whatsoever.
  • Wireless keyfobs

 

To date I think I have only seen reports of hacking via keyfob and ODBII devices remotely.  


Edited by wuench, 04 May 2018 - 01:31 PM.


#6 batwater

batwater

    Dedicated Cocooner

  • Registered
  • PipPipPip
  • 264 posts
  • Location:St. Louis
  • Experience:guru
  • Software:CQC, EventGhost, Harmony, Custom
  • Hardware:DSC, Custom
  • Tech:X10-RF, UPB, Z-Wave, ZigBee
  • Audio:Sonos
  • Video:Custom
  • CCTV:analog, ip, dvr
  • Phone:Asterisk, OBi100/110

Posted 05 May 2018 - 10:48 AM

The Jeep incident mentioned by the OP used the remote connection on the vehicle to gain access. See this article as an example:  HACKERS REMOTELY KILL A JEEP ON THE HIGHWAY—WITH ME IN IT  article is almost 3 years old but does drive the point home.



#7 wuench

wuench

    Cocoonut

  • Registered
  • PipPipPipPip
  • 1605 posts
  • Location:St. Louis, MO
  • Experience:guru
  • Software:Harmony, Open Source Automation
  • Hardware:Elk M1, ISY-99
  • Tech:INSTEON, Z-Wave
  • Audio:Sonos
  • Video:Custom
  • CCTV:ip
  • Phone:OBi100/110

Posted 05 May 2018 - 11:20 AM

The Jeep incident mentioned by the OP used the remote connection on the vehicle to gain access. See this article as an example:  HACKERS REMOTELY KILL A JEEP ON THE HIGHWAY—WITH ME IN IT  article is almost 3 years old but does drive the point home.

 

Yeah that's really bad, Chrysler should not be putting their cars on the public internet.   They should be on a private APN like some of the other vendors use.   Software patching the car is just a band-aid.   If I had a 2015 jeep I would be unplugging the communications module.  I know in my car that is just a simple USB connection.   

 

Unfortunately IT is totally upside down on security, the problem is only going to continue to get worse.   It really will be like Star Wars where ever door can be hacked in a few seconds or the whole plan goes down the drain by tossing something into an exhaust port.  :)


Edited by wuench, 05 May 2018 - 11:21 AM.


#8 pete_c

pete_c

    Cocoonut

  • -=Gold Supporter=-
  • 8672 posts
  • Location:House
  • Experience:average
  • Software:Main Lobby, Open Source Automation
  • Hardware:HAI OmniPro II, Mi Casa Verde Vera, Ocelot
  • Tech:X10-PLC, X10-RF, UPB, INSTEON, Z-Wave, ZigBee, 1-Wire, xAP, xPL, ALC
  • Audio:Russound
  • Video:MythTV
  • CCTV:analog, ip, dvr
  • Phone:Asterisk, FreePBX, Ooma, POTS, VoIP via ISP

Posted 06 May 2018 - 07:16 AM

Here a Consumer Reports subscriber now for close to 40 years and noticed that the June, 2018 on the cover features...

 

Protect yourself from SCAMS...

 

Attached File  CR-1A.jpg   59.14K   6 downloads

 

These days your internet experience is massaged a few different ways that you cannot circumvent unless using a private monthly VPN service...

 

SmartPhone ==> Telco massage ==> whatever OS cloud (iOS, Google, Microsoft, et al)

Home ==> ISP massage ==> wherever you go on the internet (here protected a bit by PFSense).

 

Some mfg's of automobiles are doing propietary for MFG internet and now today others are using common tablet OS's.

 

My preference is private and propietary except that cost too much these days for Automobile MFGs and consumers these days want to see an iOS or Android or CE interface on their automobiles.  (all three will talk to the cloud). 

 

Will scan and attach PDF....via MS drive.

 

Consumer Reports - June 2018 - PDF_Protect yourself from SCAMS






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users