Loading ...
Sorry, an error occurred while loading the content.

Hacking a Prius- Forbes Magazine

Expand Messages
  • romeo_incognito
    http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/
    Message 1 of 11 , Aug 3, 2013
    • 0 Attachment
    • extra_ball_when_lit
      ... Getting a government grant to write some code that spoofs commands onto the car s internal network via the OBD-II port depresses me. It s not rocket
      Message 2 of 11 , Aug 3, 2013
      • 0 Attachment
        --- In toyota-prius@yahoogroups.com, "romeo_incognito" <michael_jozwiak@...> wrote:
        >
        > http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/


        Getting a government grant to write some code that spoofs commands onto the car's internal network via the OBD-II port depresses me. It's not rocket science, and that's my tax money going to waste...

        Scott
      • mrvadeboncoeur
        ... Yeah, been discussing it over at http://autos.groups.yahoo.com/group/Prius_Technical_Stuff/messages/49176?threaded=1&m=e&var=1&tidx=1 Sure, there s a lot
        Message 3 of 11 , Aug 3, 2013
        • 0 Attachment
          --- In toyota-prius@yahoogroups.com, "romeo_incognito" <michael_jozwiak@...> wrote:
          >
          > http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/
          >

          Yeah, been discussing it over at
          http://autos.groups.yahoo.com/group/Prius_Technical_Stuff/messages/49176?threaded=1&m=e&var=1&tidx=1

          Sure, there's a lot you can do if you plug into your own OBD-II port. Just like you wouldn't let a person have physical access to your computer for fear of them adding programs or deleting things on you... It's all about access. That you can hack on it has been well known. (Hacking is a generic term, though the malevolent version called cracking is what the media and general public tend to think of as the meaning of hacking...)

          There's a reason that Google has been using Prius for their autonomous self-driving cars - since 2009 (so old news).
          http://googleblog.blogspot.com/2012/08/the-self-driving-car-logs-more-miles-on.html
          as of August 2012 (last year), their driverless Prius fleet had put on over 300,000 miles in testing, and now includes the Lexus RX450h.
          http://www.google.com/about/jobs/lifeatgoogle/self-driving-car-test-steve-mahan.html
          http://googleblog.blogspot.com/2010/10/what-were-driving-at.html
          http://spectrum.ieee.org/automaton/robotics/artificial-intelligence/how-google-self-driving-car-works
        • Larry Finch
          On Sat, Aug 3, 2013 at 11:35 AM, extra_ball_when_lit
          Message 4 of 11 , Aug 3, 2013
          • 0 Attachment
            On Sat, Aug 3, 2013 at 11:35 AM, extra_ball_when_lit <scott_lists@...
            > wrote:

            > --- In toyota-prius@yahoogroups.com, "romeo_incognito" <michael_jozwiak@...>
            > wrote:
            > >
            > >
            > http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/
            >
            >
            > Getting a government grant to write some code that spoofs commands onto
            > the car's internal network via the OBD-II port depresses me. It's not
            > rocket science, and that's my tax money going to waste...
            >
            >
            If you didn't read the whole article you missed the fact that the
            researchers chose the hard-wired approach because others had already proved
            that you could connect to the car's systems wirelessly by hacking
            BlueTooth. This study was to see what functions could be controlled.

            Larry
            --
            Larry Finch

            N 40° 53' 47"
            W 74° 03' 56"


            [Non-text portions of this message have been removed]
          • extra_ball_when_lit
            ... I did read the whole article - and I stand by my earlier comment. Michelle already mentioned the other point that I was thinking about making, but she
            Message 5 of 11 , Aug 3, 2013
            • 0 Attachment
              --- In toyota-prius@yahoogroups.com, Larry Finch <finches@...> wrote:
              >
              > On Sat, Aug 3, 2013 at 11:35 AM, extra_ball_when_lit <scott_lists@...
              > > wrote:
              >
              > > --- In toyota-prius@yahoogroups.com, "romeo_incognito" <michael_jozwiak@>
              > > wrote:
              > > >
              > > >
              > > http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/
              > >
              > >
              > > Getting a government grant to write some code that spoofs commands onto
              > > the car's internal network via the OBD-II port depresses me. It's not
              > > rocket science, and that's my tax money going to waste...
              > >
              > >
              > If you didn't read the whole article you missed the fact that the
              > researchers chose the hard-wired approach because others had already proved
              > that you could connect to the car's systems wirelessly by hacking
              > BlueTooth. This study was to see what functions could be controlled.

              I did read the whole article - and I stand by my earlier comment. Michelle already mentioned the other point that I was thinking about making, but she made it for me: It's probably not a coincidence that most of the Google driverless cars are Toyota and Lexus hybrids. We (taxpayers) don't need to fund somebody to poke around the Prius' internal network to discover what Google's engineers have already figured out. Sheesh. "What functions could be controlled?" Probably already documented in a Toyota technical service manual! Your tax dollars at work...

              Scott
            • David Kelly
              ... Yawn. Take the dash apart and directly wire in to systems and call it hacked or alarming? Thats as newsworthy as the observation one could hoist a car on
              Message 6 of 11 , Aug 3, 2013
              • 0 Attachment
                On Aug 3, 2013, at 6:59 AM, romeo_incognito <michael_jozwiak@...> wrote:

                > http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/

                Yawn. Take the dash apart and directly wire in to systems and call it "hacked" or alarming? Thats as newsworthy as the observation one could hoist a car on a flatbed truck and haul it off.

                --
                David Kelly N4HHE, dkelly@...
                ============================================================
                Whom computers would destroy, they must first drive mad.
              • David Kelly
                ... They did much more than plug in to the OBD-II port. For some reason they dropped the entire dash and didn t bother to put it back together for their demo.
                Message 7 of 11 , Aug 3, 2013
                • 0 Attachment
                  On Aug 3, 2013, at 11:29 AM, mrvadeboncoeur <mrv@...> wrote:

                  > --- In toyota-prius@yahoogroups.com, "romeo_incognito" <michael_jozwiak@...> wrote:
                  >
                  >> http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/
                  >
                  > Yeah, been discussing it over at
                  > http://autos.groups.yahoo.com/group/Prius_Technical_Stuff/messages/49176?threaded=1&m=e&var=1&tidx=1
                  >
                  > Sure, there's a lot you can do if you plug into your own OBD-II port.

                  They did much more than plug in to the OBD-II port. For some reason they dropped the entire dash and didn't bother to put it back together for their demo. OBD-II is easily accessible near the driver's left foot, easily accessible on your knees through an open driver's door.

                  --
                  David Kelly N4HHE, dkelly@...
                  ============================================================
                  Whom computers would destroy, they must first drive mad.
                • David Kelly
                  ... I haven t seen documentation that one could get in via built-in Bluetooth or cellphone. That journalists looking for headlines sensationalize and
                  Message 8 of 11 , Aug 3, 2013
                  • 0 Attachment
                    On Aug 3, 2013, at 11:49 AM, Larry Finch <finches@...> wrote:

                    > If you didn't read the whole article you missed the fact that the
                    > researchers chose the hard-wired approach because others had already proved
                    > that you could connect to the car's systems wirelessly by hacking
                    > BlueTooth. This study was to see what functions could be controlled.

                    I haven't seen documentation that one could get in via built-in Bluetooth or cellphone. That "journalists" looking for headlines sensationalize and deliberately rearrange terms they have heard to extrapolate a worst case scenario which does not exist. Yes, a $15 eBay Bluetooth OBD-II dongle can give one access to OBD-II. That said dongle usually communicates to a smartphone. That manufacturers commonly built cellphone connectivity in to new cars.

                    Its a big stretch to extrapolate the factory Bluetooth or cellphone links can drive the necessary systems to interfere with normal operation of the vehicle. All of the articles I have seen have been very careful not to directly make that claim, they are crafted to create F.U.D.

                    --
                    David Kelly N4HHE, dkelly@...
                    ============================================================
                    Whom computers would destroy, they must first drive mad.
                  • Walter Lee
                    Google s self driving Prius uses a complex and expensive array of sensors plus a system of servo motors to steer the car (this allows the driver to take over
                    Message 9 of 11 , Aug 4, 2013
                    • 0 Attachment
                      Google's self driving Prius uses a complex and expensive array of sensors plus a system of servo motors to steer the car (this allows the driver to take over the steering in an emergency) - from what I understand the steering mechanism on the Prius is still mechanical only the accelerator and the braking system is drive-by-wire. Beyond the very rare and optonal ultrasonic sensor in the front - the Prius doesn't have any sensors to drive by its self. the single ultra sonic sensor isn't going to be enough to drive a Prius very far - unless your destination is to drive into a ditch.

                       You can buy programmable  OBDII/CAN  data logging scanner software-cable combo that can send CAN commands into any car with a laptop. so the removal of the dashboard was probably done just for show to scare the journalist and the viewers into thinking they were doing something technically not obvious ... IMHO the consultant's laughter suggest they thought this whole project was easy money and a real joke -- and that it does not take much to make a reporter look like a fool. 

                      I suppose the real question is whether  the secret agent or terrorist like group is going exploit the weakness of a vehicle's computer network by  sending via wireless CAN commands to a high end vehicle it stop or make it so difficult to drive that the driver-car gets into an accident?   Only if the wireless network allows for it -  I have read reports indicating both Mexico's drug lords and the FBI/CIA can access GM's OnStar wirelessly (OnStar has been hacked).   So far I have not heard of anyone hacking into Toyota's similar telematic system - Safety connect - The DARPA consultants were fooling around with a GPS signal so they had access to Toyota's navigational computer which means they had blue tooth functions available too - but that is as far as they went.

                      [Non-text portions of this message have been removed]
                    • extra_ball_when_lit
                      ... I did not mean to imply that a Prius can be driverless all by itself without additional (costly) instrumentation. If that were true, Google would have
                      Message 10 of 11 , Aug 4, 2013
                      • 0 Attachment
                        --- In toyota-prius@yahoogroups.com, Walter Lee <waltermlee@...> wrote:
                        >
                        > Google's self driving Prius uses a complex and expensive array of
                        > sensors plus a system of servo motors to steer the car (this allows
                        > the driver to take over the steering in an emergency) - from what I
                        > understand the steering mechanism on the Prius is still mechanical
                        > only the accelerator and the braking system is drive-by-wire.

                        I did not mean to imply that a Prius can be driverless all by itself without additional (costly) instrumentation. If that were true, Google would have plenty of competition implementing that functionality. (Bob Wilson and Graham Davies and David "I mount my own tires" Kelly come to mind...)

                        I drive a 2002, so I haven't kept close tabs on more recent models - but - for several years now, Toyota has offered an option on the Prius that allows it to parallel-park itself. While the steering wheel may still be mechanically linked to the wheels, obviously the computer can get into the act too, if its programming (or a "hacker") tells it to.

                        Scott
                      • David Kelly
                        ... I don t *always* mount my own tires! Its just that the right thing seemed to be to order Continental EcoPlus tires from TireRack and rather than fuss with
                        Message 11 of 11 , Aug 4, 2013
                        • 0 Attachment
                          On Aug 4, 2013, at 12:33 PM, extra_ball_when_lit <scott_lists@...> wrote:

                          > I did not mean to imply that a Prius can be driverless all by itself without additional (costly) instrumentation. If that were true, Google would have plenty of competition implementing that functionality. (Bob Wilson and Graham Davies and David "I mount my own tires" Kelly come to mind...)

                          I don't *always* mount my own tires! Its just that the right thing seemed to be to order Continental EcoPlus tires from TireRack and rather than fuss with taking them somewhere or having them shipped to a shop I put them on myself. Mount motorcycle tires all the time and thought it reasonable to do the Prius. Wasn't too difficult. Also put tires on my RV which turned out not to be not nearly as easy as Prius. Special ST205/75SR14 trailer tires were much heavier and stiffer than Prius tires. I had an awful time getting the ST tire beads to contact the rim and hold air when inflating and finally had to take the 4th to a shop to have it finished. There I spent more time carrying the tire/wheel in than the task took to preform on the right machine.

                          But when I was at it I put TPMS in the RV wheels. Nice!

                          > I drive a 2002, so I haven't kept close tabs on more recent models - but - for several years now, Toyota has offered an option on the Prius that allows it to parallel-park itself. While the steering wheel may still be mechanically linked to the wheels, obviously the computer can get into the act too, if its programming (or a "hacker") tells it to.

                          All Prii use electric power-assit steering. Thats at least 95% of what one needs to steer by computer for self-parking or the nefarious claims of so-called hackers. Am not sure one can issue commands to the stock power assist hardware and make it turn the car, or pull in one direction or the other. Some have said its possible to issue simple commands to jerk the steering wheel one way or another, so more complex control algorithm is needed with feedback to accurately steer. Am pretty sure the power assist gain is controllable as one desires much less assist at speed than when stationary in a parking lot.

                          --
                          David Kelly N4HHE, dkelly@...
                          ============================================================
                          Whom computers would destroy, they must first drive mad.
                        Your message has been successfully submitted and would be delivered to recipients shortly.