[TUHS] Windows roots and Unix influence (was Re: Happy birthday, Ken Thompson!)

Arthur Krewat krewat at kilonet.net
Tue Feb 6 09:20:58 AEST 2018


The CAN network is bi-directional, and I don't think it has any 
security. So any node on the CAN can read-write whatever the heck it 
wants to.

Plug in an OBD-II device, and using the right software (like Forscan) 
you can read/write all sorts of locations in the body-control module, 
flash new software into the PCM (powertrain control module), etc.

I suspect that if you have the entertainment system that has the ability 
to read PIDs in the PCM, for example, road speed, that same interface 
could be used to write values as well.

My 2013 Taurus SHO came with Sync 2 - which ran Windows CE. Thankfully, 
it wasn't a "server" and WiFi wasn't enabled. Now my 2016 Taurus SHO has 
Sync 3 running QNX. I am not amused ;)

On 2/5/2018 4:57 PM, Ron Natalie wrote:
> There's certainly been demonstrations of vehicles being taken over via the entertainment system; why the stereo needs to talk to the engine computer I'll never know...  I know, wind up the volume the faster you go etc, but surely it ought to be one-way?



More information about the TUHS mailing list