6 Feb
2018
6 Feb
'18
5:20 a.m.
The CAN network is bi-directional, and I don't think it has any
security. So any node on the CAN can read-write whatever the heck it
wants to.
Plug in an OBD-II device, and using the right software (like Forscan)
you can read/write all sorts of locations in the body-control module,
flash new software into the PCM (powertrain control module), etc.
I suspect that if you have the entertainment system that has the ability
to read PIDs in the PCM, for example, road speed, that same interface
could be used to write values as well.
My 2013 Taurus SHO came with Sync 2 - which ran Windows CE. Thankfully,
it wasn't a "server" and WiFi wasn't enabled. Now my 2016 Taurus SHO
has
Sync 3 running QNX. I am not amused ;)
On 2/5/2018 4:57 PM, Ron Natalie wrote:
There's certainly been demonstrations of vehicles
being taken over via the entertainment system; why the stereo needs to talk to the engine
computer I'll never know... I know, wind up the volume the faster you go etc, but
surely it ought to be one-way?