FIC 2020: How to hack a serial car in two lessons
The International Cybersecurity Forum (FIC) opened its doors this morning.Futura met the hacker Gaël Musquet there.He has shown us how, with very few means, it is possible to stop any vehicle remotely or add autonomous driving to a car with assistance options.Reportage.
Vous aimez nos Actualités ?Inscrivez-vous à la lettre d'information La quotidienne pour recevoir nos toutes dernières Actualités une fois par jour.Cela vous intéressera aussiIn Lille, the international cybersecurity forum is currently being held.This great mass of cybersecurity brings together big names and small players in the sector for the general public, pros, cyber services of the army or the Ministry of the Interior.It is also a hacker lair.Futura was able to meet one of them, Gael Musquet, a "citizen" hacker member of the Yeswehack collective.This platform connects companies or institutions and hackers, so that they seek and identify the safety flaws of their products.
On his stand, Gaël Musquet demonstrates, sometimes before the amazed eyes of the members of the ANSSI or the gendarmerie, that any serial car can be hacked."I will show you how to stop any vehicle remotely with a simple transceiver that we find on the tire valves of most cars since 2012," he said after explaining how to steal acar by hacking its owner's contact key without his knowledge.
The principle is simple, with an antenna, of sufficiently large range, and a computer with free software, just collect the data that each valve transmits by radio waves to the on -board computer.The demonstration is impressive since all the standard numbers of the tire valves of the vehicles which pass nearby are displayed in real time.For example, the hacker gives a convincing illustration: “Let us admit that I have identified the serial number of the minister's valves of the car who comes to go to the FIC.As soon as he gets out and hit the road, with my antenna, I can remotely send false information to the vehicle's on -board computer.The dashboard will, for example, display a low pressure or overheating alert of the tires.The driver will not take a risk and stop the car.I let you imagine the possibilities...»».
Not encrypted, the list of valve identifiers and the pressure of the tire of vehicles circulating near the building are displayed on the computer.The GDPR is omnipresent… except on the roads.© Futura
Free software and a little hardware
Better still, this wave wave shows how he transformed a hybrid Toyota HRV equipped with many driving assistance, in a stand -alone car simply by connecting his smartphone to the on -board computer.This process could work with any car with the same level of assistance.It only takes a few hundred euros of equipment, including a socket compatible with that of the vehicle, free software and a PC animated by Linux.Once connected to the vehicle diagnostic socket, Linux will consider the car as a simple device.It is then a question of decoding the data flows and using libraries, also in open source, to do the rest.
Then, it is with the open openpilot software that the mobile comes to use all the vehicle sensors to give instructions thanks to geolocation data and another free software, Open Street Map.Thus, it is parking assistance that allows you to adjust the steering wheel position.For the brake, the accelerator, the assistance is also diverted from their initial functions.According to the hacker, the car could stop on its own thanks to the data of open street map.
Hacking consists in sending instructions in the calculator that we see in the foreground, via the diagnostic taking of the vehicle.These are free software that does the job.It is then possible to divert all assistance and sensors in order to deliver an autonomous driving mode.© Futura
Help strengthen the safety of cars
This is in this way that in 2019, the hacker traveled 10.000 km without touching the steering wheel of the Toyota HRV presented on the stand. « C'est tout à fait illégal»», rappelle Gaël Musquet, mais cela vient prouver, hormis chez Tesla qui fait tester les vulnérabilités de ses modèles par des hackers, que les problématiques de cybersécurité ne sont pas prises en compte par la majorité des constructeurs et équipementiers automobiles.
"Imagine the result if someone maliciously goes a little further. Ce n'est pas de la science-fiction ; en modifiant un peu tout ça, je peux faire piloter la voiture via une manette de jeux par mon fils de 12 ans»».By this type of action, the hacker wants the manufacturers and in particular, the French, align themselves with the example of Tesla and start to collaborate with hackers to improve vehicle safety.For the moment, they seem to remain deaf to his requests.
Intéressé par ce que vous venez de lire ?Abonnez-vous à la lettre d'information La quotidienne : nos dernières actualités du jour. Toutes nos lettres d’information!
Thank you for your registration.Happy to count you among our readers!