Show HN: Control your Hyundai car with Python (opens in new tab)

(github.com)

98 pointssynchronizing4y ago56 comments

56 comments

40 comments · 16 top-level

anshumankmr4y ago· 6 in thread

Thank god we have normal cars as I have never understood the appeal of a smart car since everything a smart car can do can be done with a halfway decent smartphone.

* by smart car, I am not talking about self driving cars, I am talking about the gimmick of running some Android and iOS apps on one's car

mdp20214y ago

> Thank god we have normal cars

A disconnected car is a requirement by any parameter of sanity given considerations of security including privacy, within a basic right of rejection of absurdity: but for how long will the "privilege" of avoiding lunacy will be granted?

In Europe already one has to have law-mandated (in terms of shipment) hardware modules removed (the "e-call"). For how long non-connected cars will be available on the market? It is even possible that some rogue legislating body will decide that some connected feature should be mandated...

the_biot4y ago

The tragedy is that while it's no doubt possible to remove (or disable) all that tracking junk you don't want from your car, we're still carrying around phones that more often than not are full of tracking crap. And they're even extra useful in cars, since the car's navigation and entertainment systems tend to be crap compared to what phones have.

1 more reply

fragmede4y ago

You're too late. You can't get a non-connected car since about 2016.

4 more replies

aaronbrethorst4y ago

Built in navigation in cars is garbage. So is the built in music app. Letting me play what’s on my iPhone is leaps and bounds better than what a car manufacturer can give me.

kyriakos4y ago

I use Android auto all the time. Having Google maps on cars dashboard is very useful.

GenerocUsername4y ago

Still requires manufacturers to implement correctly which I found my 2022 Subaru Android auto is locked in landscape so it's essentially half-screen... No way to fix

1 more reply

jdmoreira4y ago· 3 in thread

I worked for a modern car rental company where you just need to download an app to drive a car. The tech was super interesting, there are vendors that sell a box with both gsm and ble interfaces and the cars are fitted with these.

You can send messages through ble or their cloud api / gsm. The app needed to first acquire a token to successfully establish a ble connection.

I'm not saying you can't buffer overflow through ble messages but at least the authentication was solid.

dubswithus4y ago

Zipcar? Or do they use Bluetooth?

grepfru_it4y ago

Zipcar was hilariously easy to bypass/override with physical access. I had access to a local Volvo for almost 3 years until I stopped checking. I never drove the car because of gps and the proliferation of cameras, but I would store random things in the trunk when I was passing by the area

1 more reply

jdmoreira4y ago

No, not Zipcar

_8j504y ago· 3 in thread

If you get phished or something, can attackers use this to turn off the car while driving? Or something lesd harmful like keep it on while you're at work and drain gas.

V__4y ago

Maybe. There was a vulnerability [1] with BlueLink and that could have been an attack vector, but the article mentions:

> The attack can’t be done at scale, because the local network that the vehicle owner is using would have to be infiltrated by the attacker.

Wikipedia says BlueLink uses Bluetooth [2]. So I'm not sure what connection is actually used, but if it's Bluetooth/local wifi and there are no further security bugs, then it would be unlikely that someone else could connect to the car in the first place.

[1] https://www.tomshardware.com/news/hyundai-blue-link-vulnerab... [2] https://en.wikipedia.org/wiki/Hyundai_Blue_Link

synchronizingOP4y ago

I can't speak on older BlueLink cars (article is from 2017), but my 2021 Elantra has GSM built-in and the commands are sent/received through the web - no bluetooth at all.

1 more reply

_8j504y ago

Makes sense. I thought it was done over the internet when U saw login().

redeux4y ago· 3 in thread

Having looked into this myself recently, why would I use this project over bluelinky?

https://github.com/Hacksore/bluelinky

tyingq4y ago

I see some differences. The python one can enumerate all cars in the account, the node.js one doesn't have that....you have to specify a VIN. Python one has figured out how to enable specific seat heaters at start, node.js one says "Not sure?", etc.

mrweasel4y ago

Because you really want a Python API?

jmartin26834y ago

Because you’re using Python?

icy4y ago· 2 in thread

Can someone ELI5 how this works? I understand it's sending requests to some API on some server, but what I don't get is how the car receives these commands. What does the entire end-to-end network look like?

Nextgrid4y ago

The same way your typical shitty IoT device works. There’s an internet-connected module that receives messages from the cloud and then emits the equivalent messages onto the CAN bus or some other bus connected to the BCM or whatever you want to control remotely.

jdmoreira4y ago

A lot of new cars are sold with a gsm module that you don't control

srvmshr4y ago· 2 in thread

It reminds me of the slightly funny incident when my brother's boss got stuck midway on the road to his destination, because his Fiskar Karma was having a firmware update

jacquesm4y ago

I looked at a company in this space and was quite surprised they never thought to check whether the vehicle was in motion during OTA updates. So much for risk assessment...

mdp20214y ago

He should have sued.

aaronbrethorst4y ago· 2 in thread

Anyone happen to know if Kia UVO's is based on Hyundai's Bluelink? I'd love to build a more user-friendly iOS app for controlling my Niro EV than Kia Connect :P

marsokod4y ago

It is exactly the same. You have many modules for Home Assistant (through HACS, none is an official module yet) that will use a similar setup.

I use it mostly to track and keep a record of my Niro status.

aaronbrethorst4y ago

Cool, thanks!

throw4574y ago· 2 in thread

Hackernews: connected closed proprietary Tesla good. Also hackernews: connected open api Hyundai bad.

blowski4y ago

Hackernews: A community made up of many people with a wide variety of opinions.

throw4574y ago

Nah… if you are not lucky enough to be in a discussion early it’s just one side of the hivemind jerking it and the other side stfu because no one wants to get downvote abused :)

1 more reply

captainkrtek4y ago· 1 in thread

This is cool (and terrifying)! :-)

abdouls4y ago

Absolutely haha!

I remember being excited when I could remotely control the lights on my table from school (fun little arduino/rpie + led project).

Now we remotely control cars with REST... Indeed cool and terrifying!

synchronizingOP4y ago

I build this for a cron script that queries my car's odometer and then queries CarFax to log my cars price over time on YNAB[1], but it has many uses.

Been thinking - lately - to perhaps also use this package with Google Home, but haven't gotten around to it. Might come in handy fellow Hyundai owners.

[1] https://www.youneedabudget.com

minedwiz4y ago

Suddenly feeling glad that I park my car in a garage with no mobile reception.

steve_mcdougall4y ago

Ooooooo what I really hate about this is that a remote API is called to do this.

It would be considerably less terrifying if this was just canbus messages.

BIG YIKES

dzhiurgis4y ago

I haven’t studied these much but If your car doesn’t have Bluelink there are things like autopi and probably some others.

hodgesrm4y ago

If you had to pick a single title to summarize the Hacker News ethos, this would be it.

lostmsu4y ago

To save you a click: this is not about being able to drive the car.

2 more replies

klogvl4y ago

Blinkenlights with Python! I wonder when we'll see "Crash your Tesla with Python". So far, Musk seems to disallow the untyped language based on modifiable nested dictionaries and weird name spaces.

j / k navigate · click thread line to collapse

56 comments

40 comments · 16 top-level

anshumankmr4y ago· 6 in thread

Thank god we have normal cars as I have never understood the appeal of a smart car since everything a smart car can do can be done with a halfway decent smartphone.

* by smart car, I am not talking about self driving cars, I am talking about the gimmick of running some Android and iOS apps on one's car

mdp20214y ago

> Thank god we have normal cars

the_biot4y ago

1 more reply

fragmede4y ago

You're too late. You can't get a non-connected car since about 2016.

4 more replies

aaronbrethorst4y ago

Built in navigation in cars is garbage. So is the built in music app. Letting me play what’s on my iPhone is leaps and bounds better than what a car manufacturer can give me.

kyriakos4y ago

I use Android auto all the time. Having Google maps on cars dashboard is very useful.

GenerocUsername4y ago

Still requires manufacturers to implement correctly which I found my 2022 Subaru Android auto is locked in landscape so it's essentially half-screen... No way to fix

1 more reply

jdmoreira4y ago· 3 in thread

You can send messages through ble or their cloud api / gsm. The app needed to first acquire a token to successfully establish a ble connection.

I'm not saying you can't buffer overflow through ble messages but at least the authentication was solid.

dubswithus4y ago

Zipcar? Or do they use Bluetooth?

grepfru_it4y ago

1 more reply

jdmoreira4y ago

No, not Zipcar

_8j504y ago· 3 in thread

If you get phished or something, can attackers use this to turn off the car while driving? Or something lesd harmful like keep it on while you're at work and drain gas.

V__4y ago

Maybe. There was a vulnerability [1] with BlueLink and that could have been an attack vector, but the article mentions:

> The attack can’t be done at scale, because the local network that the vehicle owner is using would have to be infiltrated by the attacker.

[1] https://www.tomshardware.com/news/hyundai-blue-link-vulnerab... [2] https://en.wikipedia.org/wiki/Hyundai_Blue_Link

synchronizingOP4y ago

I can't speak on older BlueLink cars (article is from 2017), but my 2021 Elantra has GSM built-in and the commands are sent/received through the web - no bluetooth at all.

1 more reply

_8j504y ago

Makes sense. I thought it was done over the internet when U saw login().

redeux4y ago· 3 in thread

Having looked into this myself recently, why would I use this project over bluelinky?

https://github.com/Hacksore/bluelinky

tyingq4y ago

mrweasel4y ago

Because you really want a Python API?

jmartin26834y ago

Because you’re using Python?

icy4y ago· 2 in thread

Nextgrid4y ago

jdmoreira4y ago

A lot of new cars are sold with a gsm module that you don't control

srvmshr4y ago· 2 in thread

It reminds me of the slightly funny incident when my brother's boss got stuck midway on the road to his destination, because his Fiskar Karma was having a firmware update

jacquesm4y ago

I looked at a company in this space and was quite surprised they never thought to check whether the vehicle was in motion during OTA updates. So much for risk assessment...

mdp20214y ago

He should have sued.

aaronbrethorst4y ago· 2 in thread

Anyone happen to know if Kia UVO's is based on Hyundai's Bluelink? I'd love to build a more user-friendly iOS app for controlling my Niro EV than Kia Connect :P

marsokod4y ago

It is exactly the same. You have many modules for Home Assistant (through HACS, none is an official module yet) that will use a similar setup.

I use it mostly to track and keep a record of my Niro status.

aaronbrethorst4y ago

Cool, thanks!

throw4574y ago· 2 in thread

Hackernews: connected closed proprietary Tesla good. Also hackernews: connected open api Hyundai bad.

blowski4y ago

Hackernews: A community made up of many people with a wide variety of opinions.

throw4574y ago

Nah… if you are not lucky enough to be in a discussion early it’s just one side of the hivemind jerking it and the other side stfu because no one wants to get downvote abused :)

1 more reply

captainkrtek4y ago· 1 in thread

This is cool (and terrifying)! :-)

abdouls4y ago

Absolutely haha!

I remember being excited when I could remotely control the lights on my table from school (fun little arduino/rpie + led project).

Now we remotely control cars with REST... Indeed cool and terrifying!

synchronizingOP4y ago

I build this for a cron script that queries my car's odometer and then queries CarFax to log my cars price over time on YNAB[1], but it has many uses.

Been thinking - lately - to perhaps also use this package with Google Home, but haven't gotten around to it. Might come in handy fellow Hyundai owners.

[1] https://www.youneedabudget.com

minedwiz4y ago

Suddenly feeling glad that I park my car in a garage with no mobile reception.

steve_mcdougall4y ago

Ooooooo what I really hate about this is that a remote API is called to do this.

It would be considerably less terrifying if this was just canbus messages.

BIG YIKES

dzhiurgis4y ago

I haven’t studied these much but If your car doesn’t have Bluelink there are things like autopi and probably some others.

hodgesrm4y ago

If you had to pick a single title to summarize the Hacker News ethos, this would be it.

lostmsu4y ago

To save you a click: this is not about being able to drive the car.

2 more replies

klogvl4y ago

Blinkenlights with Python! I wonder when we'll see "Crash your Tesla with Python". So far, Musk seems to disallow the untyped language based on modifiable nested dictionaries and weird name spaces.

j / k navigate · click thread line to collapse