Wednesday, December 10, 2014

What would Dick Tracy do?: A review of OpenGarages' "Car Hacker's Handbook"

Dick Tracy, the great comic strip detective, is known for great gadgets like his 2-way radio/computer wristwatch. Though a wrist-mounted walkie-talkie or smartphone is no longer the height of technology, and it's easy to assume that law enforcement lags behind, that's not always the case.

As modern-day agencies work with their local High Tech Crime Investigators Associations (HTCIA), Dick Tracy has also kept up to date with criminal uses of tech. In fact, in late 1989 and early 1990, Detective Tracy had a story arc that covered criminals using attacks on HVAC systems, automotive computer systems, logic bombs and a video game to commit data theft/destruction and real-life murder[1]. Dick Tracy went to various subject matter experts (SMEs) to become qualified on the new technology law enforcement faced.

In order to solve a difficult case Dick Tracy approaches subject matter experts on car computer systems. 

In the course of the story Dick Tracy sees a series of murders that could only have been committed through computerized systems, a hallmark of one of his villains, Memory Banks. Poor Memory had passed away and so he was in the clear. Or so one would think. It turned out that Memory had a neural network "clone" of himself and had partnered with his sister Data Banks to take revenge on his enemies. They kill off one criminal colleague by setting off the sprinklers in his apartment with scalding hot water, driving him screaming into an elevator shaft.

Walter "Worm" Wendell tried testifying against his employers. They didn't think that was a good idea.

Memory's widow and her new lover are killed when their car unintentionally accelerates and they drive off a cliff.
Memory's wife Diane Dreeg and lawyer/lover Al Lemoni. 

In the end Dick Tracy faces off in a life-and-death battle with the AI version of Memory Banks. Most law enforcement officers and others involved in information security do not need to go that far to track down high-tech criminals. Faced with newer technology like the Internet of Things or automotive telematics systems, what would Dick Tracy do? If he needed to get up to speed on the embedded systems that run today's late-model cars, a good start would be picking up a copy of the Car Hacker's Handbook.

OpenGarages' Car Hacker's Handbook

The Car Hacker's Handbook by Craig Smith is a short (about 70-page) tome. Hacking on cars is sort of like wizardry, and OpenGarages' Car Hacker's Handbook is a spellbook; in the right hands it opens doors, in the wrong or untrained hands it simply raises more questions.

While ostensibly the Car Hacker's Handbook is targeted at novices in information security or embedded systems reverse engineering, much could be missed. It can sometimes feel more like a conversation with the author than a full reverse engineering manual. I'm not discounting this method of instruction, as I've had numerous such conversations with presenters at security conferences and they can be quite enlightening. Those discussions usually count on both parties having a shared knowledge base. A quick primer on software and firmware reverse engineering and network security would help unlock a good number of the nuggets in this slim volume.

Hacking and modifying an Infotainment system
A short chapter in the first third of the book provides nearly all the information one would need to investigate a Microsoft Auto/Windows Embedded (CE 7?) based interface. Having written a few short pamphlets to train others on reverse engineering embedded systems, I can see all the milestones Smith was aiming for, though the end result is still obscured. In a short four pages he passes over the following procedures:

  • identifying OS, firmware and executable versions
  • locating/identifying the update mechanism and update files
  • analyzing/bypassing simple file checksums
  • extracting/analyzing/modifying firmware
  • acquiring manufacturer SDKs

Not every step is explained and not every tool is introduced, yet there is enough for the experienced reverse engineer to follow in Smith's footsteps.

Where do I catch the CANBus?
The heart of the handbook introduces the reader to the various communication systems within a modern automobile before settling on the CAN bus. This is the most common bus over which messages travel between the components (e.g. ECU, radio, tire pressure monitor, other sensors) of one's car.

The various interfaces to the OBD-II port (and thence on to the CAN bus) one would find are detailed with wiring diagrams. From a hobbyist perspective, or at least for a researcher with a limited budget, the book's concentration on open source software and hardware is quite appealing. Commercial rigs are eschewed in favor of building one's own Engine Control Unit (ECU) workbench from units recovered at the junkyard. The book includes links to a good collection of open source CAN bus monitoring software.

Other researchers, such as Charlie Miller & Chris Valasek[2], have investigated the effects of sending crafted CAN packets to unlock doors, control the speed displayed and turn the wheel. Building off research like theirs, the Car Hacker's Handbook walks through intercepting packets with a sniffer (as with Wireshark on the PC). It also provides a nice methodology, using a binary search over a captured trace to locate the packet of interest. The practical example is covered in a chapter targeting the Tire Pressure Monitoring System (TPMS).
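The binary-search step described above, as an added illustration that is my own code rather than anything from the Handbook or OpenGarages: a simulated CAN capture is bisected, replaying each half against an oracle that stands in for watching the dashboard, until the single frame carrying the TPMS warning is isolated. The arbitration IDs and byte layouts are constructed, and the final single-frame check catches the case where the effect depends on several frames together, which bisection alone cannot isolate.

```python
"""Bisect a captured CAN trace to find the frame behind an observed effect.
Constructed scenario: the TPMS low-pressure lamp turning on. On a bench the halves
are replayed to the bus and a person watches the dash; dashboard_reacts() simulates that."""
from dataclasses import dataclass

@dataclass(frozen=True)
class CanFrame:
    arb_id: int   # 11-bit arbitration ID
    data: bytes   # 0..8 payload bytes

# Constructed capture: chatter from several ECUs plus two TPMS status frames.
# IDs and layouts are hypothetical (0x3B4 byte 0 bit 0 = low-pressure warning).
CAPTURE = [
    CanFrame(0x0C9, bytes.fromhex("0C800000")),      # engine RPM chatter
    CanFrame(0x1A0, bytes.fromhex("1F401F40")),      # wheel speeds
    CanFrame(0x3B4, bytes.fromhex("00001E1E1E1E")),  # TPMS status, lamp off
    CanFrame(0x0C9, bytes.fromhex("0C900000")),
    CanFrame(0x2F0, bytes.fromhex("0A")),            # body module chatter
    CanFrame(0x3B4, bytes.fromhex("01001A1A1A1A")),  # TPMS status, lamp ON
    CanFrame(0x1A0, bytes.fromhex("1F421F42")),
    CanFrame(0x0C9, bytes.fromhex("0CA00000")),
]

def dashboard_reacts(frames):
    """Simulated oracle: 'replay these frames; does the lamp light?'"""
    return any(f.arb_id == 0x3B4 and f.data[0] & 0x01 for f in frames)

def bisect_capture(frames, oracle):
    """Return (frame, replays) for the single frame that triggers the effect,
    or (None, replays) when no frame does or the effect needs several frames."""
    replays = 1
    if not oracle(frames):          # confirm the effect reproduces at all
        return None, replays
    lo, hi = 0, len(frames)
    while hi - lo > 1:              # keep whichever half still triggers it
        mid = (lo + hi) // 2
        replays += 1
        if oracle(frames[lo:mid]):
            hi = mid
        else:
            lo = mid
    replays += 1
    candidate = frames[lo]
    if not oracle([candidate]):     # effect needs state from several frames
        return None, replays
    return candidate, replays

if __name__ == "__main__":
    frame, n = bisect_capture(CAPTURE, dashboard_reacts)
    print(f"culprit: id=0x{frame.arb_id:03X} data={frame.data.hex()} after {n} replays")
```

Against the eight-frame capture the lamp frame is isolated in five replays instead of eight one-at-a-time trials; on a real multi-thousand-frame trace the log2 saving is what makes the method practical.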

The CAN bus section eventually concludes with a humorous (likely unintentional) troubleshooting list for when one performs one's experiments. Pro tip: know where your car's fuses are located.

Hotwiring - No really, like in the movies
While the handbook is not a criminal guide, it does contain historical information on security bypass methods. There are short chapters covering "hotwiring" cars and cracking keypad combinations. Admittedly, having only ever seen hotwiring on film or TV, I found this a most enjoyable and archaic chapter.

As newer security features have obsoleted the technique, Smith covers how researchers can investigate modern security (keyfobs and immobilizers). The Handbook covers a number of potential attacks on immobilizers without going over specific implementations of the attacks. The author assumes you know what an SDR is and what software one needs. As with a wizard, if you can't figure out the tools and components for a particular spell, you shouldn't be messing with it.

What's all this about "spells"?
There is a short sequence in the book on "weaponizing" exploits, implemented as the creation of a particular Metasploit module. If that last sentence made no sense to you, then the Car Hacker's Handbook will not turn you into a criminal hacker.

Exploits are like spells. Spells can be used for good and bad. They also require a lot of research to create. The Handbook provides a methodology (or rather an adaptation of one) for discovering vulnerabilities in automotive control systems.

The handbook is not yet an all-in-one resource for auto security, nor is it a step-by-step guide. Eventually it may become so, or, even better, it will become a comprehensive introduction with links to further resources.

In the end the Car Hacker's Handbook definitely sends one in the right direction to hack on one's own car, but it is still not an introduction to exploit development. It really is a wizard's manual; if one already has the capability to "spellcast" (write exploits) on PCs, the Handbook will fill in a number of holes in one's knowledge base.

The content of the book is available electronically for free, though one can purchase a physical copy at:

  • Amazon.com (paperback)
  • Barnes & Noble (paperback or ebook)
  • Google Play (ebook)

What would Dick Tracy Do?
Knowing where to look can sometimes be as useful as knowing what to look for; the Handbook and the related OpenGarages wiki provide that direction. Dick Tracy knew it decades ago: when getting up to speed on a newer field, save time by going to the experts.


[1] A friend, security researcher Julia Wolf, recounted the ransomware, or more specifically the logic bomb, aspect of the Dick Tracy storyline. Unfortunately her original copies of the comic strips were lost over the years. Tracking down copies of the comic strips was truly an adventure, and enlightening on user education techniques from decades past.

[2] Their research is referenced on the OpenGarages wiki. Miller and Valasek have also presented at the Def Con conference.
