A Remote Attack on the Bosch Drivelog Connector Dongle (opens in new tab)

(argus-sec.com)

83 points_-_T_-_9y ago25 comments

25 comments

11 comments · 5 top-level

Buge9y ago· 4 in thread

I knew IOT devices generally have weak security, but I didn't anticipate them so easily being connected to physically dangerous objects like cars. I wonder how common this will become.

yetihehe9y ago

Most of trucks in europe have gps systems which connect to CAN in order to measure driver efficiency and vehicle condition. They are also connected via cellphone network to internet (only sometimes through APN, mobile equivalent of VPN). All of them have security holes, typically much worse than this dongle, just no one cared to look at them yet.

rahkiin9y ago

Wouldnt it be possible to have the CAN chip only send data to the iot microprocessor? So not attaching the Tx but only Rx. As far as I understand CAN it is a bus everything is dropped on, without an actual request-response system.

Now everything from the car could be read but nothing can be controlled.

4 more replies

alexei_kovelman9y ago

This is actually more common than you'd think (and keep in mind that the Drivelog is relatively secure, even by non-IOT standards).

lucaspiller9y ago

Just to clarify, the no-name Bluetooth OBD-II adapters a lot of people use come with a default PIN of 0000 or 1234 - that can't be changed - and the OBDII port is usually powered even with the vehicle switched off and locked.

However, how much you can do really varies depending on the vehicle. I have a 2010 Prius and the OBD-II port is powered when locked and switched off, but the computer isn't active (so the port can't be used) unless the vehicle is switched on. Also the port itself is mainly read-only in my case, other than opening windows there isn't much I can do through it (I wanted to add remote-start, but it's not possible).

1 more reply

kylehotchkiss9y ago· 1 in thread

I went out of my way to buy a vehicle with no GSM chip built in whatsoever (that's not easy in 2016). Car companies care as little about protecting their tech as they care about trying to fix USAs lovely car dealership system.

I know this post is about a dongle, but you can remove a dongle from a car at least. You can't remove the GSM chip from most new cars that's uploading your location to heaven knows where and how many people have hacked their database this week.

gumby9y ago

Can't you disconnect / destroy the antenna?

microDude9y ago· 1 in thread

Actually, I was impressed how much security Bosch included in their device.

For a IoT device I would give this a gold star. I am sure after this report was given to them, they patched their firmware.

tyingq9y ago

I dunno...the dongle gives up it's certificate so that you can brute force it offline. It's an 8 digit numeric only pin. 100 million possible PINS, when you can do 100 million SHA-256 computations in 30 minutes on a typical laptop. That seems unwise.

And it allows you to send and receive any CAN bus message you want, versus just some subset of OBDII. As far as I can tell, the features don't require anything other than querying OBDII for some very small subset of data. So if the dongle only passed those request packets, and dropped everything else, it would be miles more secure. Since it appears to be a simple passthrough device, I'm not sure there's enough horsepower in the dongle to fix that with firmware.

SwedishChemist9y ago

Is the Drivelog Connect even necessary?

"Drivelog Connect allows your car to speak to you. Your car directly connects with your smartphone. All the information becomes available at your fingertips."

Many of the features the app offers could be made available in the car's console/monitor.

Like: - automotive diagnostics, display of real-time driving behavior(should you really be looking at your Smartphone while driving), Logbook for recording and storage routes...

I don't really see benefit of this app.

azinman29y ago

Seems to me that the main thing they could do that's cheap and easy is require a button press on the device to pair. Unfortunately that's not as simple as a firmware update.

j / k navigate · click thread line to collapse