OBD II a Security Threat Vector?

generaltso

Well-Known Member
Joined
Jun 24, 2020
Threads
76
Messages
15,389
Reaction score
28,694
Location
Vermont
Vehicles
2024 Kia EV9 GT-Line
> This means you're looking at a lifetime of 11 years for a car, which feels like it's too short?

Well, you know what Uncle Elon says:

"It is economically, if not technologically, infeasible to expect that such components can or should be designed to last the vehicle's entire useful life"

 

JamieGeek

Well-Known Member
Joined
Dec 29, 2019
Threads
82
Messages
3,589
Reaction score
6,823
Location
Southeastern Michigan
Website
spareelectrons.wordpress.com
Vehicles
Escape PHEV, old: Mach-E, Bolt, C-Max Energi, Focus Electric
> hmm. Ohio, and I bet other states, now use a reader on the port for smog check stuff - they don't do a tailpipe test on OBD-II cars, they just look for unacceptable data on the OBD-II port. This means you're looking at a lifetime of 11 years for a car, which feels like it's too short?

I was told about the 10 insertions spec when I was working at Ford by someone working on the end-of-line plant testing system, so take that for what it's worth.

The conversation was about the difference between the end of line tester plug which is rated for hundreds of thousands of insertions and the vehicle side which had at most a dozen. They even design the tester plug as a short extension on another plug so you can multiply the hundreds of thousands by the # of the 2nd connector (by simply replacing the vehicle end with a new plug).
 

ChasingCoral

Well-Known Member
First Name
Mark
Joined
Feb 3, 2020
Threads
502
Messages
14,306
Reaction score
28,653
Location
Maryland
Vehicles
2021 GB E4X FE, 2022 F-150 Lightning Lariat ER
Occupation
Retired oceanographer
> No.
>
> Model 3/Y don't.

Thanks. Didn’t know that.
I’ll rephrase: Yes, the major automakers put them in all of their cars. They may be missing from some non-fuel burning cars.
 

Maquis

Well-Known Member
First Name
Dave
Joined
Dec 21, 2020
Threads
34
Messages
5,688
Reaction score
8,068
Location
Illinois
Vehicles
2021 Mach E4X, 2023 Lightning Lariat ER
The likelihood of being injured by some idiot in the oncoming lane who is looking at their phone is several orders of magnitude greater than getting hacked via the OBD2 port.
Just keep things in perspective.
 

BlueMach

Well-Known Member
Joined
Dec 24, 2020
Threads
0
Messages
549
Reaction score
716
Location
USA
Vehicles
Mach-E First Edition
> Thanks. Didn’t know that.
> I’ll rephrase: Yes, the major automakers put them in all of their cars. They may be missing from some non-fuel burning cars.

Yeah I suspect more automakers will follow suit on their EVs, unfortunately.
 


OP
Jimrpa

Well-Known Member
First Name
Jim
Joined
Sep 10, 2020
Threads
297
Messages
9,514
Reaction score
12,847
Location
Wayne, PA
Vehicles
2021 Infinite Blue Premium Mustang Mach E ER AWD
Occupation
Retied (formerly tried to herd highly technical, independent cats)
> How often do computer users put jump drives in their USB ports?
> How often do drivers put devices in their OBD ports?
> It's just not the same scale of problem.

It’s not just users we are concerned about. I understand your point. With a vehicle that’s more dependent on software for basic functionality, I think it’s fair to ask if all potential attack points, including the OBD II port, are appropriately protected.
 
OP
Jimrpa

> I think if a bad actor wants to do this, I guess anything is possible. But at an individual car level it's going to be rare, as others already said. It needs someone with access - say a valet at a hotel or while servicing, or say a random break the window to insert whatever USB. At best they can control your car and you will notice it.
>
> Now can someone use that access to gain access to Ford central to control a mass of vehicles - again possible but that means Ford is lax with their security as well.
>
> Can it happen - yes, anything is possible.
>
> I think of this as home security - despite having security systems and monitoring, people try to break into homes but most are deterred by the fact that you have security and if they break in and alarm sounds they usually take off. Could someone try to hack ADT central from a home and cause mass havoc - again possible but hope ADT security at their IT infrastructure level we hope is better right. It may not be a great example but that's what came to my mind.
>
> We could have a said lock to the port but we have to remember to take it off when we go to service the vehicle and if a bad actor is waiting there for a MME - the lock won't do any good right. But probably defeats someone who thinks of breaking a window to insert a bad USB drive to the port.

I’m not talking about an attack against Ford. For example, one potential attack I was proposing was malevolent to a “botnet” attack. A malicious actor loads malicious software (say, via a really cool “free” OBD II scanner on the Google Android store) through the OBD II port to autos where it sits quietly. It then just sits quietly in different EVs, including the Mustang Mach E, until it’s triggered. We’ve already seen these attacks happen on platforms in other industries so this is NOT “hypothetical”. Do you want to hop in your Mustang Mach E one morning to be greeted by a screen demanding X BitCoin to be sent to some silly URL before your $60,000 brick moves?
 

ChasingCoral

> I read they requested an exclusion for Model 3, probably to save cost. You can't use some aftermarket accessories without it though.

Blocking mods may have been the real reason.
 

ChasingCoral

> I’m not talking about an attack against Ford. For example, one potential attack I was proposing was malevolent to a “botnet” attack. A malicious actor loads malicious software (say, via a really cool “free” OBD II scanner on the Google Android store) through the OBD II port to autos where it sits quietly. It then just sits quietly in different EVs, including the Mustang Mach E, until it’s triggered. We’ve already seen these attacks happen on platforms in other industries so this is NOT “hypothetical”. Do you want to hop in your Mustang Mach E one morning to be greeted by a screen demanding X BitCoin to be sent to some silly URL before your $60,000 brick moves?

This is very hypothetical for attacking cars and requires the perp to physically access your car and insert a device into the port. As I said, it’s only a risk if you fear you have a real reason to be concerned someone might target you.

There are enough real risks in this world that I’ll leave such conspiracy fears to bad novels and TV shows.
 

JamieGeek

The bigger issue is if someone hacks into the OTA update....

ok now I've got you really worried LOL
 
OP
Jimrpa

> This is very hypothetical for attacking cars and requires the perp to physically access your car and insert a device into the port. As I said, it’s only a risk if you fear you have a real reason to be concerned someone might target you.
>
> There are enough real risks in this world that I’ll leave such conspiracy fears to bad novels and TV shows.

As I said, while the precise scenario I described is entirely hypothetical, there are absolutely real-world analogous examples that have already happened with very bad outcomes. You can look up Try2Cry for one quick public example.
I think security is something to be more aware of as these vehicles become more software dependent and as more advanced driver assistance features are deployed.
 

ChasingCoral

> As I said, while the precise scenario I described is entirely hypothetical, there are absolutely real-world analogous examples that have already happened with very bad outcomes. You can look up Try2Cry for one quick public example.
> I think security is something to be more aware of as these vehicles become more software dependent and as more advanced driver assistance features are deployed.

Sure. We also know the story about Stuxnet being used to take down the Iranian centrifuges, too.

Again, let's be real. If someone finds a USB drive in a parking lot, what are the odds they will stick it in a computer? Pretty high. If someone finds a stray device that plugs into an OBD II port in a parking lot, what are the odds they will stick it in their car's OBD port? Tiny.

Internet hacking of cars is a real concern. Spiked OBD II devices is the least of my concerns. I'm not going to bother repeating myself again.
 
OP
Jimrpa

> Sure. We also know the story about Stuxnet being used to take down the Iranian centrifuges, too.
>
> Again, let's be real. If someone finds a USB drive in a parking lot, what are the odds they will stick it in a computer? Pretty high. If someone finds a stray device that plugs into an OBD II port in a parking lot, what are the odds they will stick it in their car's OBD port? Tiny.
>
> Internet hacking of cars is a real concern. Spiked OBD II devices is the least of my concerns. I'm not going to bother repeating myself again.

I’m not talking about a hacked OBD II device. I keep talking about the port as a point to introduce malicious software. In fact, the one hypothetical example I cited invoked downloading infected OBD II software from an untrusted App Store.
I’m pretty sure people aren’t wandering around Auto Zone, looking for random OBD II things in the parking lot and plugging them into their OBD II port, just to see what they do. On the other hand I have an old Bluetooth OBD II adapter that “kind of” worked that I used to use with my Miata and my Focus, just for fun to check out what data was available. In fact, with the Focus, I repeatedly tried, to no avail, to enable Global Close (Europeans rated global close, but Americans were unworthy and Ford instructed dealers specifically NOT to use the diagnostic system to enable it, even if customers asked!) So, I have a vague idea of how a malevolent actor could say “hey, check out this cool code I have that enables unlock front trunk by fob” and download it via OBD II, and said code might carry a payload you might not want. By the way, many of those websites with interesting Focus code from Europe were *.ru sites. I took a hard pass on those.
 

spp

Member
First Name
Shawn
Joined
Feb 1, 2021
Threads
0
Messages
20
Reaction score
29
Location
Michigan, USA
Vehicles
Jeep Cherokee, Pacifica PHEV
Occupation
Sr. Solution Architect
> The bigger issue is if someone hacks into the OTA update....
>
> ok now I've got you really worried LOL

Knowing how we do it, the OTA server has mutual authentication between us and the vehicle. The OTAs themselves are signed in multiple places and even signed to the individual ECU. If someone wanted to screw with it, they would have to go through at least 2-3 different points of failure before they even get a chance to get onto the vehicle.
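
The layered checks described in the post above, sketched as an added example that is not from the original thread or from any automaker's code: a package must pass a release signature, a signature bound to the individual ECU, and a firmware hash check before it is installed. HMAC-SHA256 stands in for the asymmetric signatures a real system would use, and the keys, ECU IDs, manifest fields and the version (rollback) check are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed keys. HMAC is a stand-in: a real ECU would hold only public
# verification keys, never the signing secrets.
RELEASE_KEY = b"constructed-release-signing-key"
ECU_KEYS = {"ECU-A1": b"constructed-key-ecu-a1",
            "ECU-B2": b"constructed-key-ecu-b2"}


def _tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_package(firmware: bytes, version: int, ecu_id: str) -> dict:
    """Backend side: sign a manifest for the release and for one ECU."""
    manifest = json.dumps({"ecu_id": ecu_id, "version": version,
                           "sha256": hashlib.sha256(firmware).hexdigest()},
                          sort_keys=True).encode()
    return {"firmware": firmware, "manifest": manifest,
            "release_sig": _tag(RELEASE_KEY, manifest),
            "ecu_sig": _tag(ECU_KEYS[ecu_id], manifest)}


def verify_package(pkg: dict, my_ecu_id: str, installed_version: int) -> str:
    """ECU side: return 'ok' or the name of the first check that failed."""
    manifest = pkg["manifest"]
    # Layer 1: the manifest was signed by the release authority.
    if not hmac.compare_digest(_tag(RELEASE_KEY, manifest), pkg["release_sig"]):
        return "bad release signature"
    # Layer 2: the manifest was also signed for this individual ECU.
    if not hmac.compare_digest(_tag(ECU_KEYS[my_ecu_id], manifest), pkg["ecu_sig"]):
        return "not signed for this ECU"
    fields = json.loads(manifest)
    # Defence in depth: the signed manifest must name this ECU as well.
    if fields["ecu_id"] != my_ecu_id:
        return "manifest names another ECU"
    # Layer 3: the firmware bytes match the hash inside the signed manifest.
    if hashlib.sha256(pkg["firmware"]).hexdigest() != fields["sha256"]:
        return "firmware hash mismatch"
    # Assumed extra check: refuse to reinstall an old, validly signed image.
    if fields["version"] <= installed_version:
        return "rollback rejected"
    return "ok"
```

Each check fails closed and independently, so altering the firmware, the manifest, or the target ECU is caught at a different layer.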