A peek into the future of cars I feel: OBD-II Condoms

Javier Vazquez Vidal https://github.com/fjvva/OBDCondom ">https://github.com/fjvva/OBD... has come up with an interesting idea. Personally, I don& #39;t think this will work as well in practical terms, but it& #39;s a great idea to start the discussion
Firstly WTF is an OBD-II port?

Think of it as a multi-connector for something to interface with your car& #39;s network (s). The standard allows for 5 signalling protocols
When you plug a capable device in, and if the bus allows for it, you& #39;ll see stuff like
Looks hectic but actually, it& #39;s relatively simple. I drew a picture to explain
There& #39;s plenty of docs and books on the above, @rndashm and I are making a Mercedes-Benz specific one https://github.com/rnd-ash/mercedes-hacking-docs">https://github.com/rnd-ash/m... so won& #39;t go into too much detail here.

Pero pero, this port is also open to abuse to some degree, hence the condom idea.
What Javier has proposed is a device to enable/disable CAN/KLINE or any low-speed (non-ethernet) communications from the OBD port to prevent undesired access (theft via OBD)

The way he& #39;s designed the circuit, it enables the CAN/KLINE lines when voltage is applied to + & - lines.
Sounds great but herein lies my concern:

if you are inside the car, you have full access. Many attempts have been made to protect this port, but they rely on a physical overlay device
Some even come with GPS but they stick out, they are easy to see and as such, trivial to bypass
So there& #39;s the problem. The port is meant to be accessible, it& #39;s a physical port, and as such overlay protection is trivial to bypass.

How one protects this is the ongoing debate many are having. Do you use a wakeup packet as Bosch does? Do you adopt legacy white-listing?
Javier& #39;s solution is interesting but I& #39;d love to see how you& #39;d attach it so that it still makes it easy to use and not vulnerable to attack too.
You can follow @dcuthbert.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: