09.06.2016, 14:58   #1
Vladimir
Administrator
Name: Vladimir
Car: MITSUBISHI 2 & 4WD
Posts: 11,179
Hackers hacked the Outlander PHEV

The research began after Ken Munro, a specialist at Pen Test Partners, standing near a parked Outlander PHEV, found on his phone a Wi-Fi access point used to control some of the vehicle's functions.

The exploit makes it possible to gain remote access to most of the vehicle's electronic systems. In this way, the hackers managed to gain access to the climate control system, the battery charge control (the specialists were even able to discharge it 100% in a short time), the headlight control system and, most importantly, the alarm.

It remains to add that the problem of unauthorized access to vehicle systems through mobile apps has come up before. The cybersecurity professionals pointed out to the crossover's manufacturer the flaws in the hybrid's systems, and also recommended switching to no less secure data channels over GSM networks. The experts also stressed that they did not manage to open the car, but they were able to disable the alarm.

As the researchers discovered, a weak security key is used for Wi-Fi access. It took the professionals only a few days to crack the password. However, there is one overall solution: switch from Wi-Fi to a GPS connection.
10.06.2016, 10:00   #2
eGreyWolf
Guru of the Third-generation Outlander section
Name: Sergey
Car: Outlander RE MY 2013 2.4 CVT Ultimate
Posts: 3,297
Re: Hackers hacked the Outlander PHEV

Quote:
Originally posted by Vladimir
switch from Wi-Fi to a GPS connection

GSM, probably.
10.06.2016, 13:33   #3
Vladimir
Administrator
Name: Vladimir
Car: MITSUBISHI 2 & 4WD
Posts: 11,179
Re: Hackers hacked the Outlander PHEV

Quote:
Originally posted by eGreyWolf
GSM, probably.

Most likely, though you never know.

And here is the original source, with a how-to on the hack:


What we found

What’s really unusual is the method of connecting the mobile app to the car. Most remote control apps for locating the car, flashing the headlights, locking it remotely etc. work using a web service. The web service is hosted by the car manufacturer or their service provider. This then connects to the vehicle using GSM to a module on the car. As a result, one can communicate with the vehicle over mobile data from virtually anywhere.

Different, but not better

The Outlander PHEV does it differently. Instead of a GSM module, there is a Wi-Fi access point on the vehicle. In order to connect to the car functions, we have to disconnect from any other Wi-Fi networks and explicitly connect to the car AP. From there, we have control over various functions of the car.
This has a massive disadvantage to the user in that we can only communicate with the car when in Wi-Fi range. I assume that it’s been designed like this to be much cheaper for Mitsubishi than a GSM / web service / mobile app based solution. There’s no GSM contract fees, no hosting fees, minimal development cost.
Unfortunately, we found that this system had not been implemented securely.

PSK, SSID and geolocation worries

The Wi-Fi pre shared key is written on a piece of paper included in the owners’ manual. The format is too simple and too short. We cracked it on a 4 x GPU cracking rig in less than 4 days. A much faster crack could be achieved with a cloud hosted service, or by buying more GPUs.
Capturing the handshake was more of a challenge, as the mobile device would have to be connected to the car at the time. We realised that the car was most likely to be parked at the owner’s house, where their mobile device would also be. By de-authing the mobile from the home Wi-Fi router continuously, there was a fair chance of it then connecting to the nearby car, at which point the handshake could be captured.

The access point has a unique SSID fortunately. It is of the format: [REMOTEnnaaaa] where ‘n’ are numbers and ‘a’ are lower case letters.
This means that you can search wigle.net and easily geolocate Outlander PHEVs. Here are a few in the UK, including some spotted whilst driving and others parked at the owner’s house:

A thief or hacker can therefore easily locate a car that is of interest to them.
It is possible to change the SSID, though not the PSK. It is possible to deactivate the AP. We will come to that later.

So, we know the SSID and have the PSK. What next?

Exploring the subnet showed a service on 192.168.8.46:8080. The IP address was static and identical across all cars that we looked at. Connecting to it showed the following:

So then we started a man in the middle and sniffed the Wi-Fi connection. This is where it got interesting!

The hack

First, we replayed various messages from the mobile app. After figuring out the binary protocol used for messaging, we could successfully turn the lights on and off.
Next, we messed around with the charging programme, from which we could force the car to charge up on premium rate electricity.
We could also turn the air conditioning or heating on/off to order, draining the battery. This is remarkably similar to the Nissan Leaf hack, though the next part is far worse than that.

Finally, we disabled the theft alarm. Yes, seriously

This took a bit of proving, as we didn’t want to have to break a window to make the point.

So, we sat inside the car whilst being very still and locked it. Then, waving my arms around, it was clear that the alarm was off.
I could then unlock the car using the handle on the inside of the door, without the alarm sounding.
This is shocking and should not be possible.
Once unlocked, there is potential for many more attacks. The on board diagnostics port is accessible once the door is unlocked. Whilst we haven’t looked in detail at this, you may recall from a hack of some BMW vehicles which suggested that the OBD port could be used to code new keys for the car.
We also haven’t looked at connections between the Wi-Fi module and the Controller Area Network (CAN). There is certainly access to the infotainment system from the Wi-Fi module. Whether this extends to the CAN is something we need more time to investigate.

Short term fix

Unpair all mobile devices that have been connected to the car access point.
First, go to the car and connect your mobile phone to the access point on the car. Then, using the app, go to ‘Settings’ and select ‘Cancel VIN Registration’:


Once all paired devices are unpaired, the Wi-Fi module will effectively go to sleep. It cannot be powered up again until the car key remote is pressed ten times. A nice security feature.
This has the side effect of rendering the mobile app useless, but at least it fixes the security problem.

Medium term fix

The app has the ability to push new firmware to the Wi-Fi module. New firmware should be deployed urgently to fix this problem properly, so the mobile app can still be used.

Long term fix

Mitsubishi need to re-engineer the rather odd Wi-Fi AP – client connection method completely. A GSM module/web service method rather more like BMW Connected Drive would be much better long term. Words like ‘recall’ spring to mind.

Disclosure

Initial attempts by us to disclose privately to Mitsubishi were greeted with disinterest. We were a bit stumped at this point: As so often happens, the vendor takes no interest and public disclosure becomes an ethical dilemma.
So, we involved the BBC who helped us get their attention. Mitsubishi have since been very responsive to us! They are taking the issue very seriously at the highest levels.
A medium term fix is being worked on now.
We aren’t disclosing the exact binary message to disable the alarm at this point. We will, in a week or so, once owners have had a chance to disable the APs on their cars.
That said, it didn’t take much to figure it out!


Link + video

15.06.2016, 20:37   #4
фотограф
Club Resident
Name: фотограф
Car: Outlander PHEV
Posts: 311
Re: Hackers hacked the Outlander PHEV

Well, here's another scare story. It's not very pleasant, of course, but I won't be disabling the mobile app. If they want to steal it, they'll bring a tow truck and bye-bye car.
The Remote Ctrl app is quite convenient and I use it often. I'll wait for a "patch" from the Japanese.
Use of site materials is permitted only on condition that an active link to OUT-CLUB.RU is included
Copyright ©2006 - 2017, WWW.OUT-CLUB.RU