I do too; I was a lead on Ford SYNC, GM's Cadillac CUE, and a slew of other OEM ECU modules. First let me say that the book is dated. For example, there is now CAN-FD, but they only talk about CAN and Extended CAN in the book. The attacks in the book are low-grade attacks just about anyone with a basic curiosity could probably pull off, like making up a cable. Ford SYNC, for example, required signed payloads. Infotainment systems, generally speaking, are not even on the same CAN bus as the engine control unit. The book spends an inordinate amount of its pages talking about stuff you can easily google and get much more detailed and more accurate information on, like LIN, OBD2, etc. Why not talk about CAN arbitration? The book fails to mention a simple attack vector everyone in automotive knows about. The ArbID on CAN is not only unique to a CAN frame but is also used to win arbitration. You can flood a CAN bus with CAN frames using an ArbID of 0x01 or 0x00 to kick off a sort of denial of service attack. The UDS hacks they talk about are not really hacks at all. They are part of what is known as right to service. Automotive manufacturers are not allowed to lock out small mom & pop service shops or third-party tools. The really sensitive stuff typically requires what is known as a VIN unlocker. For example, you can't easily change the ODO (odometer) value. With Ford ECUs, you get a DLL from Ford Motor and a key. You then take CAN data off the bus, pass it through the provided DLL along with the key, and get back a value that you send back out to "unlock" the ECU to program it. Why not talk about reverse engineering this? They talk about CANiBUS, which is a nice tool, but a better one is Vehicle Spy, which does the same thing and more. Chip tuners use this to reverse engineer the CAN signals. In the industry, all these CAN bus signals can be decoded if you have what is called a DBC file. A DBC file is a file format used to look up values to translate into human-readable descriptions.
The format is owned by Vector, which is another company that makes overpriced CAN diagnostic and simulation tools that everyone uses. The Ethernet Metasploit looks like pie-in-the-sky talk. Every Ethernet system in a car today is basically an infotainment system and benign data like album art, MirrorLink, and simple data sharing between, say, a center stack and a cluster. There's nothing there... On top of this, every automotive Ethernet is BroadR-Reach, which is Broadcom's 2-wire Ethernet, and to tap into it requires expensive demo boards from Broadcom. It's not like you can simply take a 2-wire Ethernet and put it into a Linksys switch to see the packets. More misinformation. The keypad for the passive entry looks like good material, but it, too, looks very dated. Sorry to be such a downer, but I felt after reading through the material that they should be called out. Buyer beware.
* If the info there is as outdated as you say, where could one find a reasonably complete and up to date intro to car computer technology?
* Are there any tools out there that can be used for simulating a car network (CAN bus, ECU etc.) for lab purposes?