30 January 2020 (Lille, France) – As I have noted before, the International Cybersecurity Forum (commonly referred to as “Le FIC”) is more than a trade show. It is a wealth of hands-on opportunities : hacking classes (as attacker and defender), Master Classes (cryptography, digital identify, supply chain systems and how they work, etc.), as well as cybersecurity software training sessions sponsored by a multitude of vendors. This week I found time for two tutorials (1) cryptography and (2) the vulnerability of supply chain systems.
This great mass of cybersecurity brings together the big names and small players in the sector for the general public: the pros, the cyber services of the army or the Ministry of the Interior, the corporate vendors, etc.
It is also a hacker’s den. I was able to watch one of them, Gaël Musquet, a “citizen” hacker who is a member of the Yes You Hack collective which has a large booth here. Their platform connects companies or institutions with hackers, so that the latter can search for and identify security flaws in their products.
At his stand, Gaël demonstrated (sometimes before the astonished eyes of the audience, especially the gendarmerie attending) that any production car can be hacked. “I’m going to show you how to stop any vehicle remotely with a simple transceiver that can be found on the tire valves of most cars since 2012,” he announced after explaining how to steal a car by hacking into its owner’s ignition key without his knowledge.
The principle is simple: with an antenna having a sufficiently long range, and a computer (with free software), all you have to do is collect the data that each valve transmits by radio waves to the on-board computer. The demonstration is impressive since all the serial numbers of the tire valves of vehicles passing by are displayed in real time. As an example, Gaël gives a convincing illustration:
“Let’s say I have identified the serial number of the valves on the Minister’s car coming to the FIC. As soon as he gets out to his car and back on the road, with my antenna, I can remotely send false information to the vehicle’s onboard computer. The dashboard will, for example, display an alert for low pressure or overheated tires. The driver will not take any risk and he will stop the car. I’ll leave you to imagine the possibilities… “
Better yet, Gaël showed how he transformed a Toyota HRV hybrid with a host of driving aids into a stand-alone car simply by connecting his smartphone to the onboard computer. This process could work with any car with the same level of assistance. All that is needed is a few hundred euros worth of equipment, including a socket compatible with that of the vehicle, open source software and an animated Linux PC. Once connected to the vehicle’s diagnostic socket, Linux will consider the car as a simple peripheral. Then it is a question of decoding the data flows and using libraries, also in open source, to do the rest.
Then, it is with the OpenPilot open source software that the mobile comes to exploit all the sensors of the vehicle to give instructions thanks to the geolocation data and another open source software, Open Street Map. Thus, it is the parking assistance that allows to adjust the position of the steering wheel. The brake, accelerator and assistance systems are also diverted from their initial functions. According to Gaël the car could be stopped at a traffic light thanks to Open Street Map data.
This is how in 2019 Gaël drove 10,000 km without touching the steering wheel of the Toyota HRV presented on the stand. “This is completely illegal”, reminds Gaël Musquet, but it proves, except at Tesla which has its models tested for vulnerabilities by hackers, that cyber security issues are not taken into account by the majority of car manufacturers and suppliers:
“Imagine the result if someone malicious goes a little further. It’s not science fiction; if I change it a little bit, I can get my 12-year-old son to drive the car with a joystick.”
Through this type of action, Gaël hopes that manufacturers, and in particular the French, will follow Tesla’s example and start working with hackers to improve vehicle security. For the moment, they seem to remain deaf to his requests.
I’ll have an update on this post after the event which will have links to the software, the platforms, etc. and where you can buy it.