Speak EV - Electric Car Forums banner

1 - 17 of 17 Posts

·
Registered
Kona PremSe64k 2020+bluelink +ohme
Joined
·
504 Posts
Discussion Starter #1
I have just watched this intriguing video
with very precise instructions to hack into a Hyundai to install your own android apps. Has anyone tried this? If this works then it might be possible to run zapmap, plugshare or abrp etc as your satnav systems right now!

I am very intrigued, if not slightly frightened. But then I guess I can always do a system reset.
 

·
Registered
Joined
·
4,929 Posts
You spent how much on your car and you are willing to do this? o_Oo_Oo_Oo_Oo_O😱😱😱😱😱😱😱😱😱😱😱😱

Would you do that on your 'phone? Your Smart TV? This is installing a file from an unknown unverifiable source into the root of your car's systems. I wouldn't have the knowledge to fully understand the content of the programme and how it could be used as a backdoor for others into your car's systems, and you can be 100% sure that Hyundai/Kia are not checking the effect of future releases of the various apps that you may install on their software. So even if what this programme does is non-malicious the unintended consequences of other third parties changing their apps cannot be predicted or understood.

The gentleman concerned may be very clever and entirely non-malicious, but the basic rule is assume that he is the devil incarnate when he suggests something like this.
 

·
Registered
Kona PremSe64k 2020+bluelink +ohme
Joined
·
504 Posts
Discussion Starter #3
You spent how much on your car and you are willing to do this
I am not saying I am going to do it. But asking the question whether other people have tried such as this makes sense to me. Also a geek I have done this sort of thing before elsewhere so I am not unfamiliar with the concepts.
 

·
Registered
Joined
·
288 Posts
Interesting stuff. As always - you never know whether to trust unknown source. And more importantly - will it work or will it brick your infotainment unit (Kona may have different soft version). And then there may be a problem when Hyundai updates your software during service.

But it confirm there is a way to get 3rd party apps :) Rooting is common way for enthusiasts to tweak mobiles / TV (way over my knowledge and risk level).

Personally I prefer to use mobile (for driver) + tablet (kids) to cover all other needs and connect sound via Bluetooth. Less risky ;-)
 

·
Registered
Joined
·
3 Posts
First of all, installing new programs does not require routing the tablet.
All applications can be downloaded from aptoide.com (no "unknown sources") For unknowns aka dk6780: Aptoide - Wikipedia. :)
I use what applications I want for over 1 year and it works flawlessly...beyond all it's just an android tablet.
When I went to the Hyundai service in December 2019 I told them that I didn't need any software updates because I have some applications installed like torque, VLC etc
@dk6780 Be careful not to use the card online :) who knows who comes and bites your nose...
If there were security issues, they would appear in the comments on that video on youtube
 

·
Registered
Joined
·
4,929 Posts
People had been using the wet fish market in Wuhan for years without issue, and nobody posted anything on forums about the issues there for at least a fortnight after issues arose. Admittedly bricking an infotainment system is not the same consequence, but it is not risk free. If people go into it with their eyes open to the multiple risks then that's up to them.
 

·
Registered
Joined
·
63 Posts
People had been using the wet fish market in Wuhan for years without issue, and nobody posted anything on forums about the issues there for at least a fortnight after issues arose. Admittedly bricking an infotainment system is not the same consequence, but it is not risk free. If people go into it with their eyes open to the multiple risks then that's up to them.
Are you somehow comparing Covid19 to installing an APK file onto an android device?
 

·
Registered
Joined
·
4,929 Posts
Admittedly bricking an infotainment system is not the same consequence, but it is not risk free.
Of course not, just saying that because there are not issues reported initially it doesn't mean that there aren't any.
 

·
Registered
Joined
·
3 Posts
Hackers need an internet connection. If the tablet is not connected to the internet I don't see what they can do.
 

·
Registered
Joined
·
864 Posts
...

I use what applications I want for over 1 year and it works flawlessly...beyond all it's just an android tablet.

In my car (EV Kona) the "tablet" and its associated UI allows me to monitor and control many of the car functions such as AC/ DC charging, HVAC etc.

So in my car I don't see it as " just an android tablet", to me its an essential part of the vehicle functionality...
 

·
Registered
Joined
·
4,929 Posts
Hackers need an internet connection. If the tablet is not connected to the internet I don't see what they can do.
How does the navigation system get its traffic data? Are all of the YouTube videos etc that you are accessing from it only via storage media?
 

·
Registered
Kona 64
Joined
·
578 Posts
See this courtesy of Which. it is possible that people can already hack into our cars systems. Why give them them an open window?

 

·
Registered
Kona PremSe64k 2020+bluelink +ohme
Joined
·
504 Posts
Discussion Starter #14
See this courtesy of Which. it is possible that people can already hack into our cars systems. Why give them them an open window?

The point of the article is that some EVs are open windows. Nothing to do with installing APKs, imo.
 

·
Registered
Joined
·
63 Posts
Cyber Security is a rather complex subject, believe me I know, I do it for a living, this is absolutely a new issue as cars become more and more connected, the article is a bit misleading as it talks about various attack types, physical access to a car is not a new threat, yes they could install malware to screw with the brakes, or crazy idea they could just damage the physical brake system.

The area I think is the biggest risk is OTA and always connected, in theory the infotainment system should be isolated and actually the huge amount of outsourcing has helped with this in the past, this was always separate as it was a different manufacturer, now though there is links, EV’s are a good example of this, if they need to access data like battery SOC, consumption etc they need to access other control systems. This should be read only but some manufacturers have been caught out in the past.

think is fair to say that manufacturers need to put more effort into Cyber but the saviour at the moment is most exploits are limited, they mention about a known vulnerability within a third party library, obviously they have not said which one but there is a strong chance that this would only be any use on an internet connected system, lookup the equivalent data breach as an example of what this looks like but in order to attack a system you need access, On normal systems you limit inbound internet access with firewalls, android does not really do this but the mobile network carriers will do some level of filtering.

so don’t be losing sleep over it quite yet, ultimately hackers will only attack a system that is either high value or widespread and can be abused (Mirai botnet utilising poorly secured IoT devices to DDos) to bring down DNS. if I had to take a guess Tesla will be the target and I don’t mean covering road signs to make the car behave strangely.

if you are interested look up Pen Test Partners they do a number of pen tests on devices including cars.
 

·
Registered
Joined
·
4,929 Posts
@AnthonyL
A balanced answer. For all internet connected systems that I have ever been involved with one recommendation from Pen testers is always to check the source of software and ensure that you are running a supported version, neither of which would be the case here. But you are correct that the chances of being targeted are low even if the consequences could be severe.
An acquaintance of mine works in security and loves modern cars with the facility for mobile telephony. He used to have to get his hand dirty to fit bugs to find out what people said in conversations in them, now all he has to do is sit behind a computer as the cars have built in microphones and transmitters.
 
1 - 17 of 17 Posts
Top