Car hacking made cheaper and easier
Fiddling with your car’s innards will soon become easier and cheaper than ever before, as Eric Evenchick has created and made available hardware and software design files for CANtact, an open source CAN bus tool that can be manufactured for less than $100.
Evenchick, a freelance embedded systems developer, presented the CANtact device on Thursday at the Black Hat Asia security conference in Singapore, and demonstrated its effectiveness to the audience.
The device gets connected to a laptop’s USB port and the car’s OBD2 port, which is located under the car’s dashboard. It allows hackers, testers and researchers to connect to the car’s Controller Area Network (CAN), which connects to the various computers that are embedded in modern cars and control things like brakes, windows, the engine, and so on.
One of the things important to mention is that in order to use the device you have to have physical access to the car and the aforementioned port.
While remote attacks against a car’s network have been demonstrated, Evenchick’s aim was not to create a device that would be used by malicious attackers, but one that will help car owners and hobbyist take a peak inside their machines and have a go at tweaking some things to their liking, as well as be used by security researchers to look for vulnerabilities, test security exploits, and (make the automotive industry) fix the found flaws before they endanger customers.
Using CANtact should be easy for anyone that knows how to write python scripts. The instructions included in them are translated by the board into the Unified Diagnostics Services protocol that the car’s CAN and its electronic control units communicate in.
As the documentation for these systems is not readily available to the public, amateur car hackers will have to initially wade in the dark and learn by testing, succeeding and failing.
Evenchick told Andy Greenberg that he hopes that the will share their findings with other hobbyists. He also hopes that there will be a market for CANtact, which he aims to manufacture and sell for a price within the $60 – $100 range.