When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.
Oh it'll happen. From what I understand, not having access to a the hardware is what is slowing people up. If they have the hardware and can capture a few updates, or, even better, get a full firmware dump, it'll get broken.
Oh it'll happen. From what I understand, not having access to a the hardware is what is slowing people up. If they have the hardware and can capture a few updates, or, even better, get a full firmware dump, it'll get broken.
The best cybersecurity people don't work for GM.
What would give them access to the hardware? Just buy a car, right?
It's been roughly years. You can buy parts from wrecked cars on eBay. There's plenty of other GM vehicles on this architecture now.. How much more "access" do they need?
This car uses a new security architecture that's unlike anything before it. Based on what I've read in the technical docs, it's not going to get cracked. Not so much because it's impossible, but because it's just way too much work to justify. The car's various computers are all linked and authenticated to each other. If you want a tune, you basically have to crack the whole car instead of just the ECM now.
It's been roughly years. You can buy parts from wrecked cars on eBay. There's plenty of other GM vehicles on this architecture now.. How much more "access" do they need?
This car uses a new security architecture that's unlike anything before it. Based on what I've read in the technical docs, it's not going to get cracked. Not so much because it's impossible, but because it's just way too much work to justify. The car's various computers are all linked and authenticated to each other. If you want a tune, you basically have to crack the whole car instead of just the ECM now.
I think it's even more than that Jeff, pretty sure it requires an encrypted handshake from the General, no way to come up with that.
Um, no. The people I knew that hacked the Teslas and Dodge cars don't work at a speed shop either. Smart people like hard challenges. There are even events where they setup cars like this and invite people to hack them.
I think it's even more than that Jeff, pretty sure it requires an encrypted handshake from the General, no way to come up with that.
You probably don't have to if you proxy the connection with a mitm.
The more vehicles use this setup, the more likely it'll get cracked. And even if we never modify our vehicle, we want this to happen. Restricting the ability to modify something you own can also mean restricting your ability to repair something you own. And you'll care about that 10 years from now when you're out of warranty.
You probably don't have to if you proxy the connection with a mitm.
The more vehicles use this setup, the more likely it'll get cracked. And even if we never modify our vehicle, we want this to happen. Restricting the ability to modify something you own can also mean restricting your ability to repair something you own. And you'll care about that 10 years from now when you're out of warranty.
That's not how it works. The calibration files are signed by GM before they're ever posted to their public facing servers. There's nothing to MITM.
Oh it'll happen. From what I understand, not having access to a the hardware is what is slowing people up. If they have the hardware and can capture a few updates, or, even better, get a full firmware dump, it'll get broken.
The best cybersecurity people don't work for GM.
Originally Posted by Dirtnap_TX
Um, no. The people I knew that hacked the Teslas and Dodge cars don't work at a speed shop either. Smart people like hard challenges. There are even events where they setup cars like this and invite people to hack them.
It'll get broken or made irrelevant.
You may be surprised to learn just how much GM did around this security:
Cybersecurity is another key pillar of the new architecture. The system’s DNA includes additional protective features at the hardware and software levels that reflect the company’s foresight in this regard.
GM was among the first automakers to create an integrated and dedicated global Product Cybersecurity organization, a team of experts within the company focused on protecting against the potential risk of unauthorized access to vehicles and customer data.
GM implemented years ago a security vulnerability disclosure program to engage more closely with the research community. It has matured to become a formal “bug bounty” program that continues to further strengthen GM’s cybersecurity efforts.
Global B uses encrypted messaging on the bus between modules.
GM also chairs the Auto-ISAC (Automotive Information Sharing & Analysis Center), a community of private and public-sector partners that shares and analyzes intelligence about emerging cybersecurity risks for the automotive industry.
The electronic platform was developed at GM facilities across the globe by a team of electrical, hardware and software engineers.
Global B has been on the C8, and the Cadillac CT4 and CT5 for 2 years now and nobody has cracked it yet. There's plenty of modules out there. Not saying it won't be hacked, but GM has the ability to effectively brick them if they are.
That's not how it works. The calibration files are signed by GM before they're ever posted to their public facing servers. There's nothing to MITM.
If GM is using RSM Public Key Encryption then nobody is going to "crack" the code. It's a long discussion but the computational requirements to do that are measured in terms of millions of years of computer time. Bitcoin works because the solution space is bigger than the number of atoms in the universe and there is no deterministic way to get there except by trying each possible solution one at a time. GM possibly didn't use that many bits, but maybe they did. As long as the private key remains private nobody is going to crack the ECU.
California will now fail your car on smog if the ECU software has been modified in any way... so being able to modify the ECU software is no longer worth messing with here and I wouldn't be surprised if other states do the same.
California will now fail your car on smog if the ECU software has been modified in any way... so being able to modify the ECU software is no longer worth messing with here and I wouldn't be surprised if other states do the same.
True. Moreover, EPA is now going after tuners for effectively installing defeat devices as defined by the Clean Air Act, which is a serious violation (think VW dieselgate). So far, I think most actions have been against diesel truck tuners, but other tuners are likely reconsidering their business in view of this risk. Do a simple search; lot's on this subject. Sad IMHO.
08-05-2021, 02:32 PM
GM Won't Help Aftermarket Tuners Crack C8's ECU
