Community input can lead to better security for modern cars

Mar 26, 2015 14:07 GMT

An embedded systems developer has created and published the design of an open-source tool that makes it easier to hack into cars by connecting to the controller area network (CAN) of a modern vehicle.

CAN relies on multiple buses for communication between different controllers in the car, such as those for the engine, the brakes or the electric windows.

Car hacking tool not designed for remote attacks

At the Black Hat Asia security conference, held this week at Marina Bay Sands in Singapore, Eric Evenchick talked about a toolkit that permits easy scripting of CAN bus tasks in order to bend a car to the will of an outside entity.

Evenchick calls the board CANtact and has made available on GitHub a repository containing both the hardware and the software, with data about it.

The tool can interact with the controllers mounted for specific parts of the vehicle, perform diagnostic actions, and test the protocols for security loopholes through fuzzing.

CANtact is not aimed at a single car maker and model, but designed as a versatile platform that can be adapted by hackers to specific cases and shared with the community.

The tool is also not designed for remote attacks on a targeted automobile as it requires direct access to the OBD2 (on-board diagnostics) port, which is located under the dashboard.

Furthering modern vehicle security testing

According to Wired, Evenchick plans to build and sell the CANtact board for between $60 and $100 (€55 to €90), which would make it the cheapest interface between a computer and a car.

This could also lead to hobbyists finding useful tweaks to extend or improve the functions already available for the vehicle.

Its purpose is to facilitate testing of security exploits that could cause damage in the hands of an attacker. However, once remote access to the car has been established, such testing can be carried out from afar.

This would also draw criminal attention, since free tools are preferred to cheap ones, but with community effort, vulnerabilities in vehicles can be discovered and patched before run-of-the-mill crooks get to exploit them for their own benefit.