Welcome back, my Mr Robot fans!
As many of you already know, Mr.Robot is my favorite TV show and if it were a movie, it would be the BEST hacker movie ever. Not only do I love it for the writing, directing and acting (the star, Rami Malek, won an Academy Award in 2019), but because it depicts hacking accurately. When Elliot Alderson or Darlene or any of the other characters on the show are seen doing a hack, the depiction is usually accurate (the show employs several hacker consultants to ensure the accuracy of their hacks).
In Season 4, Darlene is seen attempting to hack into a car as seen below. Of course–she was interrupted before succeeding– but we can still analyze what she was doing and how she expected to hack the car before she was so rudely interrupted.
Step #1: Unlock the Car Door
Darlene was not using any sophisticated technology to unlock the car door such a hacking the alarm system or the keyless entry system to get inside the car. Instead–as you can see below–she simply used a specially-crafted wire with a hook to pull up the door lock.
Step #2: Connecting to the Car’s Network
Nearly every vehicle has a diagnostic port under the dash known as the ODB-II port. This port was designed to provide your mechanic access to the vehicle computer system and download its diagnostic codes. This port can also provide anyone with physical access to the vehicle, complete access to the car’s network.
All you need to access this network is simple and inexpensive device (<$15) that can be ordered from any electronics or automobile parts retailer or Amazon.
Once this connector is plugged into the ODB-II connector, you can use the can-utils to connect to the network. These Linux utilities enable you to sniff and reverse engineer communication on the car’s network, among many things
Here you can see Darlene using the cansniffer from the can-utils while plugged into the car’s network via the ODB-II port.
Once she is inside the network and viewing all the traffic, the next step is to identify traffic that communicates a particular task such as; start the vehicle, open the doors, etc. Once that packet or packets has been identified (or if she had done her research ahead of time), they can be reverse-engineered into the car’s network using a tool as such cansend of the can-utils.
Summary
Once the attacker has gained physical access to the vehicle, nearly anything can be done with physical access to the CAN network inside the vehicle. These steps include;
1. Connect to the ODB-II connector
2. Install the can-utils to your Linux system
3. Identify the key packets for particular function
4. Reverse Engineer the packet(s) and send them onto the network with cansend.
Automobile or car hacking is one of the leading edges of the hacking universe and Hackers-Arise is one of the best places to study it.
For more on Automobile Hacking, check out the Automobile Hacking section here.
