The Jeep Hack – the full horror

August 25th, 2015

Full details have now been released of just how the Jeep hack I mentioned here was carried out, and there’s a video (long, but worth it if you’re interested):

There’s also an article on Hackaday, and a white paper (PDF, 4.3MB) explaining how it’s done.

There are two things to draw from this: that the researchers are very clever, and that the people that designed Uconnect are either naive, stupid, or foolhardy. That sort of thing is fine if you’re experimenting with code, less so if you’re developing code that can be exploited in a fast-moving 2-tonne chunk of metal. Since the video is long, I’ll pick on a few key points.

1) The “random” passphrase for the inbuilt wifi hotspot is fairly predictable.
2) Port 6667 (DBUS) was left exposed to the internet on the 3G connection, and the system calls available there were exploitable.
3) Services were running as a superuser, so they didn’t have to work out privilege escalation.
4) Firmware updates have no signing to check validity.
5) The radio had a connection to the “drive” CANbus.

Added together, that’s pretty scary.

Time to review InternetofShit.

In the PC world (and in that, I’m including Mac and Linux), the devices you have may have a life of 10 years, and in that time, these days, they will be regularly patched, so silly vulnerabilities get fixed. Also, generally speaking, things controlling dangerous machinery aren’t always connected to the Internet (though that is becoming less true as time goes on). A car will have a longer life, and probably be rarely patched, especially by the time it has its second or third owner, who is unlikely to take it to a franchised dealer. How about a fridge? Mine is 20 years old now, and had it been possible to buy an Internet-connected fridge then, do you think the manufacturer would be supplying firmware?

Just because you can connect something to the Internet, it doesn’t mean you should.

The root of the problem

August 23rd, 2015

The other day, I did something a bit unwise, and power-cycled my Volumio music player, and it failed to return to life. Eventually I got it hooked up to a TV to see what was wrong, and predictably:

Give root password for maintenance (or press Control-D to continue)

Unix and Unix-like systems don’t like having their power shut off without a clean shutdown, and the Raspberry Pi seems particularly prone to corrupting the root filesystem given a bit of provocation.

Now, generally, using fsck is like using chkdsk on Windows. It might fix things, or it might break them more. Not a big issue with what is quite a small image on an SD card, so breaking out dd soon should fix that: the music is on an external drive, and there’s very little config to do.

Except it didn’t. I wrote the image, and tried again. Many times, with new SD cards, even with a USB-microSD adaptor in case the laptop I was using had a duff SD slot, and also tried my other Raspberry Pi. Each time, it failed. After much fscking about (literally) I realised the one thing I hadn’t changed. A Raspberry Pi runs off a micro-USB phone charger, and instead of the usual, decent quality one I used where the Pi is installed, I used a cheap nasty one that was handy. Evidently it wasn’t stable enough.

With it booting correctly and back in place, back to the music, and I’ve just discovered another great thing. As Volumio is based on MPD, you can either use the (very nice) web interface built-in, or connect a client like Cantata:

Cantata’s interface- plays the music, gives info.

or one of the multitude of others, and control from a phone, tablet, or PC.

I can’t help but wonder how many commercial jukeboxes are using this stuff in the backend…

#100pubsin2015: Walsall phase 1

August 16th, 2015

As we’re sadly behind schedule on 100pubs, we’ve had a concerted effort of late, and now we’re getting close to the halfway point, with an epic effort yesterday in Walsall. You can see the individual pubs here. Yesterday’s exercise had a few guests joining us, a tactical avoidance of the Walsall nazi fuckwit march, and a mere sociable gallon of beer, something I’ve not managed for some time. There’s still enough pubs in town for at least one more trip though…

Horny Cock

August 12th, 2015

Now I’ve got your attention, you’ll be disappointed.

The current roadworks on the A4124 have pushed a good bit more traffic over the amusingly-named Black Cock Bridge. Anyone that knows the bridge knows that it’s fearsomely steep- slightly less so than the pre-1994 Clayhanger Bridge, but still steep and narrow, and blind at the summit (this side is slightly less steep than the other):

This means that, except at night, it’s an appropriate place to use a car horn.

My recovery from surgery dictates that I should try to walk a reasonable distance each day, and a walk to the bridge and down the towpath is both not too inconvenient and fairly pleasant, but with the extra traffic it has revealed to me just how many people are both incapable of using the horn correctly, and indeed of realising why others might do so, and it is, as one might say, boiling my piss to a disproportionate degree.

For the record, as there’s not room for two cars to pass, the idea is to approach at a speed you could stop in, sound your own horn once, maybe twice, and listen for the same from the other side, so that only one of you passes the narrow bit, and causes the minimum of noise nuisance. This might mean, for example, muting the stereo.

The idea isn’t to approach fast, sounding the horn repeatedly, with a mobile phone held to your ear, just for one (twattish) example.

A few years ago, residents near the bridge wanted the bridge closed when a long-lost consultation took place, citing danger and noise. I had little sympathy, given that the bridge has been there longer than them, but really, with the number of idiots I’ve heard of late, I can hardly blame them.

CAN do?

July 28th, 2015

I’ve written before about CANbus, and electronics in cars. My own car, despite being only a mid-size, mid-range hatch a few years old, has a good few electronic modules, and CANbus to connect them. Cars have 3 flavours of CAN: one for the drivetrain and chassis (so this episode would use that, as would this one), one for the interior stuff (for both instrumentation, and stuff like the radio shifting its volume up and down with speed, or automatic closing of windows when locking), and then one more for connecting diagnostic gear like VCDS or Torque.

These individual networks are gatewayed together as they run at different speeds, and there’s no real control over what can talk over these networks, which isn’t really a problem, you’d think: the car is a closed system, so unless you connect diagnostic equipment or get very interested and attach a Raspberry Pi to the CANbus (great article there), it hardly matters. There have been scare stories in the press of clever people hacking cars before, but these have involved a direct, cable connection to the diagnostic port, so no big deal, and the networks *have* to be gatewayed for the instruments to display your speed, and for the diagnostic kit to work.

Until…..

It is now becoming commonplace to include connected entertainment systems into cars. These will have an internet connection, either via a tethered mobile phone, or with a SIM card fitted. There’s various names for this, according to manufacturer.

There’s Audi Connect, GM OnStar, Ford Sync, for example, and then there is Fiat Chrysler UConnect.

The scary bit here is that potentially, you’re now exposing the CAN to the Internet. Depending on how well secured things are (or aren’t), you might possibly allow anyone on the Internet to, say, disable the brakes or transmission, as detailed here by The Register. As we get more and more fancy devices (like, say, auto-parking), the exposure to attack of safety-critical things like steering and braking, which used to be simple, mechanical systems, becomes greater.

It’s certainly the case that some cars (VAG ones, for sure, in my experience) only allow full access to some critical modules with a login, but these logins are quite well publicised, which means you’d better be pretty sure about your car’s fancy entertainment system being secure, and staying secure when it is 15 years old and the manufacturer no longer supports it. Maybe the further research of these guys, with intrusion detection for CAN, has merit?
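The gateway point above (and the radio-to-“drive” CANbus link in the Jeep post) as an added example, not code from this blog or from the researchers: a gateway that forwards only allowlisted arbitration IDs per direction and flags frames arriving much faster than their learned period. The bus names, IDs, timings and the 0.5 threshold are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed policy: arbitration IDs allowed to cross the gateway, per direction.
ALLOW = {
    ("drivetrain", "interior"): {0x1A0, 0x280},  # e.g. speed/RPM for the instruments
    ("interior", "drivetrain"): set(),           # radio side may not reach the drivetrain
}

class Gateway:
    def __init__(self, allow, min_gap_ratio=0.5):
        self.allow = allow
        self.min_gap_ratio = min_gap_ratio  # assumed threshold, tune per vehicle
        self.period = {}      # (bus, can_id) -> learned nominal period in seconds
        self.last_seen = {}   # (bus, can_id) -> timestamp of the previous frame
        self.alerts = []

    def learn(self, frames):
        """Learn the median inter-arrival time per (bus, id) from known-good traffic."""
        stamps = defaultdict(list)
        for ts, bus, can_id in frames:
            stamps[(bus, can_id)].append(ts)
        for key, ts_list in stamps.items():
            gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
            if gaps:
                self.period[key] = median(gaps)

    def handle(self, ts, src, dst, can_id):
        """Return True if a frame seen on `src` may be forwarded to `dst`."""
        key = (src, can_id)
        prev = self.last_seen.get(key)
        self.last_seen[key] = ts
        if can_id not in self.allow.get((src, dst), set()):
            self.alerts.append((ts, hex(can_id), "blocked %s->%s" % (src, dst)))
            return False
        nominal = self.period.get(key)
        # Periodic CAN messages have a steady gap; an extra sender shortens it.
        if prev is not None and nominal and (ts - prev) < nominal * self.min_gap_ratio:
            self.alerts.append((ts, hex(can_id), "rate anomaly"))
            return False
        return True

def demo():
    gw = Gateway(ALLOW)
    # Constructed baseline: ID 0x1A0 every 20 ms on the drivetrain bus.
    gw.learn([(i * 0.020, "drivetrain", 0x1A0) for i in range(50)])
    traffic = [  # constructed sample: (timestamp, source bus, destination bus, ID)
        (1.000, "drivetrain", "interior", 0x1A0),  # normal
        (1.020, "drivetrain", "interior", 0x1A0),  # normal
        (1.022, "drivetrain", "interior", 0x1A0),  # extra frame only 2 ms later
        (1.030, "interior", "drivetrain", 0x0C0),  # interior bus addressing drivetrain
    ]
    return [gw.handle(*f) for f in traffic], gw.alerts

if __name__ == "__main__":
    print(demo())
```
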

Sticking it to The Man

July 2nd, 2015

I’m now, around 2 months after surgery, finally starting to feel a bit recovered- but still having to take things very, very carefully. At point of coming out of hospital, I could just about hobble a few yards on 2 sticks, or rather elbow crutches. I’ve built that up, very gradually, to the dizzy heights of half a mile with one, wandering around the house with none, and managing a trip around the supermarket with the trolley to lean on, and I can drive short distances. Soon, I’ll hopefully be better (but fatter, see below) than beforehand.

Being temporarily disabled opened my eyes to a few things.

1) People, overall, are very kind and helpful, from pub and restaurant customers to bus drivers and passengers, and taxi drivers- but people *stare*. It’s good-natured- they want to be sure you’re OK- but still uncomfortable.

2) Having to use taxis a lot gets expensive quickly. Getting to my GP surgery if someone couldn’t drive me in a car was a ridiculous journey: it is all of 2 or 3 miles, and can be done on one bus *if* you can walk about half a mile to a bus stop, which I couldn’t at that point- so taxi it was. Anyone on a low income would struggle, and even for a simpler trip to Walsall, that walk to the bus stop (only a few hundred yards) can seem a long way, and getting to a walk-in NHS centre to get staples removed would have been next to impossible except by car or taxi.

3) Room to move becomes important, and people parking on pavements, self-closing doors, and narrow doorways in buildings become really difficult.

4) Sitting on one’s increasingly capacious arse (a result of boredom eating, and going from cycling 4-5 evenings a week and walking to local shops to doing almost *nothing*) sounds like fun, but rapidly isn’t. The garden is overgrown, the cars are unwashed, and I have the time to do them, but can’t do so. Friends have helped, but I cannot rely on that all the time, and don’t want to either. By the time I *can* do it, I’ll have to go back to work :-(

5) I spent a few weeks being almost totally dependent on others- I could get to the toilet, I could get showered, and dressed (even if it took 15 minutes and a dazzling amount of expletives to put a sock on…), and it wasn’t a good experience, despite my better half being very supportive. I could get to the kitchen, but could only carry stuff I could get in a pocket. What would I do if I lived alone?

6) While Internet shopping handily solves some difficulties, being unable to lift/carry items within the house makes getting the shopping from the front door hard. I’m not suggesting they should come and put it away for me; merely that on the face of it, it seems like a fix, but I still needed assistance.

7) One’s drinking social life becomes impaired. Pubblog has had few updates, and #100pubs is looking very, very sick.

Basically, it’s stunning how many everyday things get harder, more expensive, or both, and at the risk of repeating myself, people would do well to remember this.

PS: when you start watching On The Buses repeats, and being genuinely aggrieved if you miss it, you’ve probably been at home too long ;-).

Turning the wheels

July 2nd, 2015

As I’ve been recovering from surgery, I’ve not been using my car, so to preserve the battery (now around 9 years old), I connected (well actually, my other half connected) my excellent CTEK battery charger, at first using the croc clips, then, when I was able to, using the comfort connector- a socket that is connected to the car permanently.

Doing this upset things: when I went to try and start the car, I got a load of warning lights, and plugging in the diagnostics revealed a fault code for the steering angle sensor:


00778 - Steering Angle Sensor (G85)

Clearly dicking about with the battery terminals had lost the basic setting.

The sensor simply tells the ECU how far the steering wheel has been turned, and is needed, and calibrated, so that the Stability Control knows which way the wheels are pointing, and also so the Steering Assist ECU can adjust the steering weighting according to speed and how much steering lock is applied. As such, you have to tell the Stability Control (part of the ABS controller) where straight ahead is, with this procedure, and then allow the car to calibrate where the two ends of travel of the steering rack are by following this procedure, which is why it’s remained undone until now, now I’m able to drive short distances and manage the steering with little power assistance.

In the event, it took several attempts at the second procedure, which is why today found me sitting in a quiet industrial estate, with the car running and a laptop on the passenger seat, and even then, it took a short drive and several lock-to-lock moves to clear. The steering was both very heavy and devoid of feel until all of a sudden, the fault lamp cleared, the steering got lighter, all started working correctly, and a scan produced this:

A happy steering assistance ECU

All a bit complicated, really, but that’s the price we pay for all the fancy active safety gear, and another sign of how car systems interact: the steering angle sensor will report an error in the steering assist ECU, but the basic settings are set in the ABS/Stability controller, and both controllers get upset if this setting is lost.

Digital Motor: Marketing bollocks?

May 28th, 2015

I’m bored evidently.

The Dyson adverts on TV got me thinking: they go on about a Dyson Digital Motor. It sounded like bollocks; marketing fluff, so I asked them, and to their credit they answered:

Our digital motors are different from regular motors in that they do not contain carbon bristles that create motion within the motor. Regular motors function by way of these carbon bristles allowing certain parts of the motor to rotate, but the use of this equipment can be noisy, heavy and produce fumes. Dyson opt for a digital motor that employs electronics and magnetic equipment to create power and motion within their machines with digital equipment inside the motor that controls the levels of power being produced by the machine. This more advanced design allows for a more powerful motor that is not only lighter, but more efficient in the long term and quieter when functioning.

So, it’s a brushless motor, with some control electronics. Maybe not marketing fluff after all. A quick google reveals this article in Electronics Weekly, so there really is some clever engineering: the digital bit is a microprocessor switching the supply quickly in order to make the brushless motor work on DC at very high speed. I take it back: not marketing fluff, and full marks to Dyson for answering tedious little queries.

A bit more googling reveals this press release (.doc, 35k) from 2003 with some details of an earlier version. Love the diagnostics…

Simple Productivity

May 27th, 2015

There’s been an article on the BBC website that’s caught a bit of Twatter attention, with a few people saying “right on”, notably homeworkers and people working for themselves.

I can see their point, and some of the article’s point, but really, given the author’s credentials, I’d expect a bit better: as per usual for BBC Magazine articles, it’s an over-simplification, and a lot of puff, and air, and light on facts, analysis, or thought. Maybe that’s the problem; articles here are generally low on content, high on bollocks, and perhaps his recent book would make a better read, though a recent Guardian article is, IMO, similarly flawed, and making assumptions.

If I’m interpreting the articles correctly, one of the things they’re saying is that if you’re detached from the direct production environment, your job has become worthless: i.e: If you’re making something or directly providing a service, you’re valuable, if you’re backroom staff, you’re not: so a postman is valuable, the person that administrates his salary isn’t. This is both (a) wrong, and (b) a rather odd thing for an academic (who surely is a long way from a direct production process) to say.

Perhaps I have that wrong, but one very clear message from the article is that:

The average British worker spends 36 days a year answering work emails. London workers in particular receive close to 9,000 emails each year.

and the inference seems to be that that time is wasted.

Politics and Pain

May 9th, 2015

I’m writing this in the aftermath of the 2015 General Election. So, while a stay in hospital is not pleasant, at least I avoided much of the discussion and speculation. I don’t, as a rule, make too many political comments here: this blog is about me, and my interests, and politics both bores and frustrates me: the results and consequences don’t, but the political game is too tedious, arcane, and obfuscated for me.

I will, however, express my fear of another Conservative government. I’ve spent the last couple of days in the care of the NHS: part of the package of care that Conservatives wish to either kill off or privatise. I’m lucky, in that I don’t need some aspects of care and welfare: I am usually healthy and fit, and in employment, but that could so easily be different. I’ve had an operation that would be incredibly expensive in a private healthcare system, and as I’ve had prior problems health insurance would probably run a mile, but as I have friends and family, the NHS, and a proper job with a reasonable employer, I don’t have to worry about care for myself, or who pays for it. It really doesn’t bear to think how that could be so, so different, and the electorate in their wisdom have chosen a party that are continually heading in that direction. As one of the “hardworking taxpayers” we keep hearing about, I’d like to remind everyone that most of us will use the NHS and many of us may have to use the welfare state. Ask yourself this question: If you found yourself unable to work for an extended time, how far are you from financial difficulty? If you need medical assistance, can you afford anything other than the NHS? Still feeling nice and secure?

In the post I’ve linked, I refer to wasters. We all know wasters exist: there are people who don’t work through choice and contribute nothing: but these are fewer than some would have you believe. There are many people unable to work for a wide range of reasons and it could so easily be you.

The care I received was excellent, by the way. Part of the systematic disassembly of the NHS is to say that it is failing and inefficient (because, obviously, the private sector is always efficient and works 100%) but all I saw were hardworking, professional staff looking after patients, and I’m hugely disappointed and more than a little worried that we’ll see this situation further damaged by the new government. My pain will fade over the coming weeks and can be dulled with painkillers; the country’s pain will last for 5 years at least.

