A peek into the future of cars I feel: OBD-II Condoms
Javier Vazquez Vidal (https://github.com/fjvva/OBDCondom) has come up with an interesting idea. Personally, I don't think this will work as well in practical terms, but it's a great idea to start the discussion.
Firstly, WTF is an OBD-II port?
Think of it as a multi-connector for something to interface with your car's network(s). The standard allows for 5 signalling protocols.
There are plenty of docs and books on the above; @rndashm and I are making a Mercedes-Benz-specific one (https://github.com/rnd-ash/mercedes-hacking-docs), so I won't go into too much detail here.
But this port is also open to abuse to some degree, hence the condom idea.
What Javier has proposed is a device to enable/disable CAN/KLINE or any low-speed (non-Ethernet) communications from the OBD port to prevent undesired access (theft via OBD).
The way he's designed the circuit, it enables the CAN/KLINE lines when voltage is applied to the + and - lines.
Sounds great, but herein lies my concern:
If you are inside the car, you have full access. Many attempts have been made to protect this port, but they rely on a physical overlay device.
So there's the problem. The port is meant to be accessible; it's a physical port, and as such overlay protection is trivial to bypass.
How one protects this is the ongoing debate many are having. Do you use a wakeup packet as Bosch does? Do you adopt legacy white-listing?
Javier's solution is interesting, but I'd love to see how you'd attach it so that it is still easy to use and not vulnerable to attack too.