Build, Break, Learn, (improve), Repeat.
Since the 1950s, Kaizen, the Japanese concept of continuous improvement has routinely been applied to industry, and software and hardware development with generally positive connotations. When similar forms of ‘change’ or ‘improvement’,are taken on by the consumer or individual, rather than by the product manufacturer, the term ‘-hacker’ is used in a less than positive manner
The term hacking or hacker has for a long time has a negative connotation and, was synonymous with doing something destructive - but how is hacking any different that innovation? Software companies hold hackathons in order to break their systems to learn and improve them. In order to build better more reliable things, we first need to break them, and to see how and where they break in order to build better more reliable things. With the emergence of the Internet of things, and especially cars that are connected to the Internet, people naturally begin to worry about security. Now that my car is online does it have the same vulnerabilities as my laptop?
Hacking the connected car is a hot topic recently. Security ‘experts’ have began demonizing the connected car with stories about a malevolent hacker able to access control over your car over the internet and disable your vehicle while speeding down the highway. This is click bait journalism at its finest, praying on people’s fears of new technology while promoting their own security solutions. This piece by 60 minutes was then followed by a report from Senator Markey. (“no coincidence”) The report states...
"the responses to this letter from 16 major automobile manufacturers… These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information.”
What the report doesn’t state is the fact that not counting hacks done for research. An excerpt taken from an article cited in the report by Senator Markay...
“Although NO such takeovers have been reported in the real world, the scientists were able to do exactly this in an experiment conducted on a car they bought for the purpose of trying to hack it. Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place.“
Hacking the family sedan is as likely as someone stealing the family sedan. As sited in this article from pc mag. “—to date there's been a total of one car hacking incident. And that was performed by a disgruntled former car dealer employee who had access to a system that allows repossessing cars by disabling the ignition system or honking the horn to embarrass owners who are behind on loan payments. No cars, cones, or people were harmed in the hack.”
The fear mongering continues with the demonizing of Arduino. A recent article where a 14 year old hacker was able to purchase some rudimentary parts from his local radio shack and engineer a circuit board in order to remote control the car’s systems.
According to the article
“Windshield wipers turned on and off. Doors locked and unlocked. The remote start feature engaged. The student even got the car's lights to flash on and off, set to the beat from songs on his iPhone. Though they wouldn't divulge the student's name or the brand of the affected car, representatives from both Delphi and Battelle, the nonprofit that ran the CyberAuto Challenge event, confirmed the details.”
Once again, seems a little too coincidental that the event was put on by a company who’s main initiative is to sell you security.
In all these cases physical access was needed to install a device within the car that controlled very specific systems like ignition and the horn. That’s right – you would need to break into the car first before you could hack it. This is akin to hotwiring a car. Access needs to happen to the internal systems of the car in order to hack the ignition to turn on the car. We’ve learned from this and no one hotwires that are newer than the mid 90s anymore. Most cars now have immobilizers built into the ignition key.
Build it. Break it. Learn. Improve it. Build it again.
Hacking cars software isn’t a new thing. Whether to achieve better fuel efficiency or increase horsepower, we’ve been hacking the car’s ECU ever since the 1980’s through Chip Tuning. As technology advanced, modern electronic control units can be tuned by simply updating their software through a standard interface, such as On Board Diagnostics.
Former Tesla intern and embedded systems engineer Eric Evenchick released an open source toolkit recently (CANard and CANtact) that was designed to work with the Controller Area Network (CAN) bus that controls many functions in cars. CANtact plugs into your USB and then plugged into any car via a OBD-II cable. Researchers, hackers or the curious can buy CANtact for $59.95, or build their own thanks to the source code and hardware design files on GitHub. “Making diagnostics available for cheap means that we can not only audit the security of these systems, but also use them for their intended purpose: fixing cars,” Eric’s vision is to build an inexpensive device that can help researchers find security vulnerabilities in the CAN systems.
We at DRVEN share Eric’s vision and believe that people should be able to unlock the information in their cars systems. The auto manufacturers have kept this crucial information out of the customer’s hands for far too long, and It’s time we all begin “hacking” our automobiles.
Be it malevolent or well meaning “hacking” should be classed in the same space as innovation. We don’t know how to build a better thing, until we’ve broken it.