Chips for water dispensers...

[Dean Hoffman]

This article talks about GE refrigerators that have a chip installed
in the filter to be sure it is a GE product. It goes on to talk about
coffee makers, printers, and ventilators that have some sort of lock on
them.
<https://outline.com/MpWq8k>
The commentary is from James B. Meigs in Commentary Magazine.

 

[server]

On Fri, 21 Aug 2020 06:41:30 -0500, Dean Hoffman
<dh0496@windstream.net> wrote:

This article talks about GE refrigerators that have a chip installed
in the filter to be sure it is a GE product. It goes on to talk about
coffee makers, printers, and ventilators that have some sort of lock on
them.
https://outline.com/MpWq8k
The commentary is from James B. Meigs in Commentary Magazine.

GE appliances are cheap junk. Of course they want to punish you for
being dumb enough to buy them.

But who would buy a networked toothbrush?

I have a friend whose house is full of networked stuff... thermostats,
light switches, door lock, even the kitchen oven. Nightmare.

I always try to buy stuff that doesn\'t have electronics.



--

John Larkin Highland Technology, Inc

Science teaches us to doubt.

Claude Bernard

 

[Don Y]

On 8/21/2020 4:41 AM, Dean Hoffman wrote:

This article talks about GE refrigerators that have a chip installed in the
filter to be sure it is a GE product. It goes on to talk about coffee makers,
printers, and ventilators that have some sort of lock on them.
https://outline.com/MpWq8k
The commentary is from James B. Meigs in Commentary Magazine.

This sort of thing has been in use for 30+ years. There\'s a firm
that makes a medical diagnostic device that relies on distilled water
to operate. The distilled water is sold in \"chipped\" vials -- to
allow it to control the supply (presumably to ensure the \"quality\"
of the material and the accuracy of the test result).

Toner cartridges have been chipped. And, the chip not just used as
a Go/NoGo indicator to the host electronics but, also, TRACKS the
number of pages printed and, eventually, \"expires\". This prevents
a \"thrifty\" user from refilling the cartridge! Again, to ensure the
quality of the resulting prints.

This is nothing different than giving away toilet paper dispensers
that require a refill roll with an overly large inner core diameter
(so, competitor rolls won\'t fit!)

It boils down to FUD -- with a mechanical reinforcement!

 

[Don Y]

On 8/21/2020 7:26 AM, jlarkin@highlandsniptechnology.com wrote:

On Fri, 21 Aug 2020 06:41:30 -0500, Dean Hoffman
dh0496@windstream.net> wrote:

This article talks about GE refrigerators that have a chip installed
in the filter to be sure it is a GE product. It goes on to talk about
coffee makers, printers, and ventilators that have some sort of lock on
them.
https://outline.com/MpWq8k
The commentary is from James B. Meigs in Commentary Magazine.

GE appliances are cheap junk. Of course they want to punish you for
being dumb enough to buy them.

But who would buy a networked toothbrush?

I have a friend whose house is full of networked stuff... thermostats,
light switches, door lock, even the kitchen oven. Nightmare.

I always try to buy stuff that doesn\'t have electronics.

Do you disable the network in your car that allows the headlights
and radio to be controlled via the same set of wires? Insist on
owning older vehicles that predate the use of electronics? Think
YOU are the only one qualified to design an electronic device?

 

[server]

On Fri, 21 Aug 2020 10:33:57 -0700, Don Y
<blockedofcourse@foo.invalid> wrote:

On 8/21/2020 7:26 AM, jlarkin@highlandsniptechnology.com wrote:
On Fri, 21 Aug 2020 06:41:30 -0500, Dean Hoffman
dh0496@windstream.net> wrote:

This article talks about GE refrigerators that have a chip installed
in the filter to be sure it is a GE product. It goes on to talk about
coffee makers, printers, and ventilators that have some sort of lock on
them.
https://outline.com/MpWq8k
The commentary is from James B. Meigs in Commentary Magazine.

GE appliances are cheap junk. Of course they want to punish you for
being dumb enough to buy them.

But who would buy a networked toothbrush?

I have a friend whose house is full of networked stuff... thermostats,
light switches, door lock, even the kitchen oven. Nightmare.

I always try to buy stuff that doesn\'t have electronics.

Do you disable the network in your car that allows the headlights
and radio to be controlled via the same set of wires? Insist on
owning older vehicles that predate the use of electronics? Think
YOU are the only one qualified to design an electronic device?

Welcome to my kill list.



--

John Larkin Highland Technology, Inc

Science teaches us to doubt.

Claude Bernard

 

[Don Y]

On 8/21/2020 10:40 AM, jlarkin@highlandsniptechnology.com wrote:

On Fri, 21 Aug 2020 10:33:57 -0700, Don Y
blockedofcourse@foo.invalid> wrote:

On 8/21/2020 7:26 AM, jlarkin@highlandsniptechnology.com wrote:
On Fri, 21 Aug 2020 06:41:30 -0500, Dean Hoffman
dh0496@windstream.net> wrote:

This article talks about GE refrigerators that have a chip installed
in the filter to be sure it is a GE product. It goes on to talk about
coffee makers, printers, and ventilators that have some sort of lock on
them.
https://outline.com/MpWq8k
The commentary is from James B. Meigs in Commentary Magazine.

GE appliances are cheap junk. Of course they want to punish you for
being dumb enough to buy them.

But who would buy a networked toothbrush?

I have a friend whose house is full of networked stuff... thermostats,
light switches, door lock, even the kitchen oven. Nightmare.

I always try to buy stuff that doesn\'t have electronics.

Do you disable the network in your car that allows the headlights
and radio to be controlled via the same set of wires? Insist on
owning older vehicles that predate the use of electronics? Think
YOU are the only one qualified to design an electronic device?

Welcome to my kill list.

Glad to be here!

 

[Ricketty C]

On Friday, August 21, 2020 at 1:40:31 PM UTC-4, jla...@highlandsniptechnology.com wrote:

On Fri, 21 Aug 2020 10:33:57 -0700, Don Y
blockedofcourse@foo.invalid> wrote:

On 8/21/2020 7:26 AM, jlarkin@highlandsniptechnology.com wrote:
On Fri, 21 Aug 2020 06:41:30 -0500, Dean Hoffman
dh0496@windstream.net> wrote:

This article talks about GE refrigerators that have a chip installed
in the filter to be sure it is a GE product. It goes on to talk about
coffee makers, printers, and ventilators that have some sort of lock on
them.
https://outline.com/MpWq8k
The commentary is from James B. Meigs in Commentary Magazine.

GE appliances are cheap junk. Of course they want to punish you for
being dumb enough to buy them.

But who would buy a networked toothbrush?

I have a friend whose house is full of networked stuff... thermostats,
light switches, door lock, even the kitchen oven. Nightmare.

I always try to buy stuff that doesn\'t have electronics.

Do you disable the network in your car that allows the headlights
and radio to be controlled via the same set of wires? Insist on
owning older vehicles that predate the use of electronics? Think
YOU are the only one qualified to design an electronic device?

Welcome to my kill list.

Larkin! Love him or leave him!!!

What a day tripper. I found out... I found out.

--

Rick C.

- Get 1,000 miles of free Supercharging
- Tesla referral code - https://ts.la/richard11209

 

[Dean Hoffman]

On 8/21/20 12:32 PM, Don Y wrote:

On 8/21/2020 4:41 AM, Dean Hoffman wrote:
   This article talks about GE refrigerators that have a chip
installed in the filter to be sure it is a GE product. It goes on to
talk about coffee makers, printers, and ventilators that have some
sort of lock on them.
https://outline.com/MpWq8k
   The commentary is from James B. Meigs in Commentary Magazine.

This sort of thing has been in use for 30+ years.  There\'s a firm
that makes a medical diagnostic device that relies on distilled water
to operate.  The distilled water is sold in \"chipped\" vials -- to
allow it to control the supply (presumably to ensure the \"quality\"
of the material and the accuracy of the test result).

Toner cartridges have been chipped.  And, the chip not just used as
a Go/NoGo indicator to the host electronics but, also, TRACKS the
number of pages printed and, eventually, \"expires\".  This prevents
a \"thrifty\" user from refilling the cartridge!  Again, to ensure the
quality of the resulting prints.

This is nothing different than giving away toilet paper dispensers
that require a refill roll with an overly large inner core diameter
(so, competitor rolls won\'t fit!)

It boils down to FUD -- with a mechanical reinforcement!

I learned something again today. I\'ve never heard of this stuff
before.

 

[Tabby]

On Friday, 21 August 2020 21:15:33 UTC+1, Dean Hoffman wrote:

On 8/21/20 12:32 PM, Don Y wrote:
On 8/21/2020 4:41 AM, Dean Hoffman wrote:

   This article talks about GE refrigerators that have a chip
installed in the filter to be sure it is a GE product. It goes on to
talk about coffee makers, printers, and ventilators that have some
sort of lock on them.
https://outline.com/MpWq8k
   The commentary is from James B. Meigs in Commentary Magazine.

This sort of thing has been in use for 30+ years.  There\'s a firm
that makes a medical diagnostic device that relies on distilled water
to operate.  The distilled water is sold in \"chipped\" vials -- to
allow it to control the supply (presumably to ensure the \"quality\"
of the material and the accuracy of the test result).

Toner cartridges have been chipped.  And, the chip not just used as
a Go/NoGo indicator to the host electronics but, also, TRACKS the
number of pages printed and, eventually, \"expires\".  This prevents
a \"thrifty\" user from refilling the cartridge!  Again, to ensure the
quality of the resulting prints.

This is nothing different than giving away toilet paper dispensers
that require a refill roll with an overly large inner core diameter
(so, competitor rolls won\'t fit!)

It boils down to FUD -- with a mechanical reinforcement!

I learned something again today. I\'ve never heard of this stuff
before.

I\'ll never forget watching a demo of a guy with a laptop creating complete brake failure in a car that was only connected by wireless dongle. Die-by-wire electronics.


NT

 

[Lasse Langwadt Christensen]

fredag den 21. august 2020 kl. 22.31.16 UTC+2 skrev Tabby:

On Friday, 21 August 2020 21:15:33 UTC+1, Dean Hoffman wrote:
On 8/21/20 12:32 PM, Don Y wrote:
On 8/21/2020 4:41 AM, Dean Hoffman wrote:

   This article talks about GE refrigerators that have a chip
installed in the filter to be sure it is a GE product. It goes on to
talk about coffee makers, printers, and ventilators that have some
sort of lock on them.
https://outline.com/MpWq8k
   The commentary is from James B. Meigs in Commentary Magazine.

This sort of thing has been in use for 30+ years.  There\'s a firm
that makes a medical diagnostic device that relies on distilled water
to operate.  The distilled water is sold in \"chipped\" vials -- to
allow it to control the supply (presumably to ensure the \"quality\"
of the material and the accuracy of the test result).

Toner cartridges have been chipped.  And, the chip not just used as
a Go/NoGo indicator to the host electronics but, also, TRACKS the
number of pages printed and, eventually, \"expires\".  This prevents
a \"thrifty\" user from refilling the cartridge!  Again, to ensure the
quality of the resulting prints.

This is nothing different than giving away toilet paper dispensers
that require a refill roll with an overly large inner core diameter
(so, competitor rolls won\'t fit!)

It boils down to FUD -- with a mechanical reinforcement!

I learned something again today. I\'ve never heard of this stuff
before.

I\'ll never forget watching a demo of a guy with a laptop creating complete brake failure in a car that was only connected by wireless dongle. Die-by-wire electronics.

he could just as well have cut the brakes lines, doesn\'t even have to get
inside the car to do that

 

[Don Y]

On 8/21/2020 1:15 PM, Dean Hoffman wrote:

On 8/21/20 12:32 PM, Don Y wrote:
On 8/21/2020 4:41 AM, Dean Hoffman wrote:
This article talks about GE refrigerators that have a chip installed in
the filter to be sure it is a GE product. It goes on to talk about coffee
makers, printers, and ventilators that have some sort of lock on them.
https://outline.com/MpWq8k
The commentary is from James B. Meigs in Commentary Magazine.

This sort of thing has been in use for 30+ years. There\'s a firm
that makes a medical diagnostic device that relies on distilled water
to operate. The distilled water is sold in \"chipped\" vials -- to
allow it to control the supply (presumably to ensure the \"quality\"
of the material and the accuracy of the test result).

Toner cartridges have been chipped. And, the chip not just used as
a Go/NoGo indicator to the host electronics but, also, TRACKS the
number of pages printed and, eventually, \"expires\". This prevents
a \"thrifty\" user from refilling the cartridge! Again, to ensure the
quality of the resulting prints.

This is nothing different than giving away toilet paper dispensers
that require a refill roll with an overly large inner core diameter
(so, competitor rolls won\'t fit!)

It boils down to FUD -- with a mechanical reinforcement!

I learned something again today.

Then today was a GREAT day! :>

> I\'ve never heard of this stuff before.

There are many industries where you sell a piece of kit at or below
cost -- because the \"consumer\" has a low price point in mind (e.g.,
a business has limited capital equipment budgets but often can spend
considerably more on recurring \"supplies\").

Your hope, then, is to make up the lost profits in the sale of
\"supplies\" (or services). Cheap inkjet printers! :>

So, how do you prevent someone else from coming along and selling
\"bottled distilled water\" at 10% above their BOTTLED WATER cost?
I.e., they aren\'t burdened by having to recover development costs
for an expensive bit of kit or \"forfeited profits\".

Inkjet printers sold proprietary ink cartridges to interfere with
after market knock offs (does the average user really CARE about
the quality of the ink in a cartridge? are they even capable of
perceiving any differences -- other than price?).

Then, folks got smart and started refilling the cartridges.
(OfficeMax used to give you a $2 credit for GENUINE HP cartridges...
that they would obviously refill in front of your eyes!)

So, put an end-of-life indication IN the cartridge so that it
refuses to operate -- even if completely full of ink -- after
it THINKS it should be empty.

So, user who purchases a refilled cartridge and only gets 100 pages
out of it feels cheated and stops buying those cartridges.

Or, user returns cartridge to 3rd party refiller -- who then has
to deal with replacing it for free (thereby incurring twice
the refilling labor and sale processing).

In the early 80\'s, video (arcade) games were a hot commodity.
A legitimate firm would spend man-years developing a game...
with no certainty that it would be a success (the \"90-day-wonders\"
that quickly went out of fashion before earning much for their
owner-operators! Owner-operators who take a hit are less
inclined to buy your next offering if they lost money on your
previous one!). A counterfeiting operation could CLONE an
existing game in a week or less and sell it at half your price.

Of course, they couldn\'t make a LITERAL copy of your game as they\'d
be impounded in customs (most counterfeiters were abroad, at least
wrt the US market).

So, they\'d make cosmetic changes -- different paint job, different
name, replace little blue men with little green women, etc. To
anyone familiar with the genuine article, it was obvious that this
was a knock-off. And, to the owner-operator, their sales (play)
figures would confirm this (\"Hey, I get just as much play on
that Knockoff2000 as I do on the <name-brand-game> and it cost
me half as much!\")

Legitimate developers now need a way to ensure copying can\'t be
profitable. Because their DEVELOPMENT costs -- that they hope
to recover in unit sales -- are considerably higher than a guy
operating in his garage and cranking out copies (of the same
circuit boards, etc.)

An obvious approach is to (effectively) \"sign\" the binaries.
But, the technology of the day didn\'t make that practical.
You could modify the signature to treat your modified CODE
as \"legitimate\".

And, any attempts to detect alteration that resulted in the game
\"refusing to play\" would be hard fails -- so, the counterfeiter could
just look at where the \"failure\" was detected and tweek the code
to avoid that detection. Lather, rinse, repeat.

The way you hurt the counterfeiters is by NOT \"refusing to play\"
but, rather, deliberately inject malfunctions into \"normal play\".
And, doing so seemingly randomly. This makes it very hard for
the counterfeiter to figure out WHERE you are \"disturbing\" the
normal operation of the game. So, at best, it greatly delays
how soon he can get his copy into the market AND increases
his cost in doing so. As well as adding to the uncertainty
that his game WILL be \"functional\"!

Arcade patron drops a coin in the slot and game starts \"cheating\"
or misbehaving. Player feels cheated. Stops dropping coins into
slot. Tells friends \"that game is buggy!\" (never realizing that
the game is operating exactly as it was designed to operate!).
Owner-operator sees game is not getting enough play and, over
time, learns the FlyByNight\'s games are duds -- despite their
low price point.

*You* live to fight another day!

You\'re always faced with this issue when the market expects a
lower-than-effective pricepoint for your product. Look at how
many gyrations PC-based software goes through and they still
can\'t stop counterfeiting! So, they have to make the product
RELY on something that they CAN control -- a *service* that
they can remotely/centrally provide/impose!

 

[Don Y]

On 8/21/2020 1:46 PM, Lasse Langwadt Christensen wrote:

I learned something again today. I\'ve never heard of this stuff
before.

I\'ll never forget watching a demo of a guy with a laptop creating complete
brake failure in a car that was only connected by wireless dongle.
Die-by-wire electronics.

he could just as well have cut the brakes lines, doesn\'t even have to get
inside the car to do that

Doing it remotely means he doesn\'t even have to APPROACH the car!

A common present-day scam involves keyfobs that unlock (car) doors
when in proximity to the vehicle AND the door handle is grasped.

Build a repeater assembly. Put one \"end\" in your pocket, the other
in your conspirator\'s pocket. Have him CLOSELY follow the car\'s owner
into the store -- just staying in range of their keyfob.

You, meanwhile, approach THEIR vehicle, holding your end of the
extender close to the vehicle as you grab the door handle. Hear it
unlock. Step inside. Press the START button. Drive by and retrieve
your conspiratorial friend as you exit the area.

 

[Lasse Langwadt Christensen]

lørdag den 22. august 2020 kl. 00.45.49 UTC+2 skrev Don Y:

On 8/21/2020 1:46 PM, Lasse Langwadt Christensen wrote:

I learned something again today. I\'ve never heard of this stuff
before.

I\'ll never forget watching a demo of a guy with a laptop creating complete
brake failure in a car that was only connected by wireless dongle.
Die-by-wire electronics.

he could just as well have cut the brakes lines, doesn\'t even have to get
inside the car to do that

Doing it remotely means he doesn\'t even have to APPROACH the car!

only after he has been inside the car to install the dongle to the CAN bus

 

[Don Y]

On 8/21/2020 4:31 PM, Lasse Langwadt Christensen wrote:

lørdag den 22. august 2020 kl. 00.45.49 UTC+2 skrev Don Y:
On 8/21/2020 1:46 PM, Lasse Langwadt Christensen wrote:

I learned something again today. I\'ve never heard of this stuff
before.

I\'ll never forget watching a demo of a guy with a laptop creating complete
brake failure in a car that was only connected by wireless dongle.
Die-by-wire electronics.

he could just as well have cut the brakes lines, doesn\'t even have to get
inside the car to do that

Doing it remotely means he doesn\'t even have to APPROACH the car!

only after he has been inside the car to install the dongle to the CAN bus

No. It is possible to gain access to the systems through the wireless
interface to the manufacturer. E.g., many cars can be \"unlocked\"
(when you forget your keys) remotely -- from a VERY long distance.
The same interface can be exploited for access to other systems.

<https://www.gmc.com/gmc-life/technology/stay-connected-with-the-mygmc-mobile-app>

IIRC, the entertainment system and ECU systems share a single network.
So, even \"non operational\" features can be accessed.

\"In theory\", this shouldn\'t be possible. But, PRACTICE is often
different than THEORY! (the system architect should have seriously
evaluated WHY the two systems should ever be interconnected!)

 

[Lasse Langwadt Christensen]

lørdag den 22. august 2020 kl. 01.36.53 UTC+2 skrev Don Y:

On 8/21/2020 4:31 PM, Lasse Langwadt Christensen wrote:
lørdag den 22. august 2020 kl. 00.45.49 UTC+2 skrev Don Y:
On 8/21/2020 1:46 PM, Lasse Langwadt Christensen wrote:

I learned something again today. I\'ve never heard of this stuff
before.

I\'ll never forget watching a demo of a guy with a laptop creating complete
brake failure in a car that was only connected by wireless dongle.
Die-by-wire electronics.

he could just as well have cut the brakes lines, doesn\'t even have to get
inside the car to do that

Doing it remotely means he doesn\'t even have to APPROACH the car!

only after he has been inside the car to install the dongle to the CAN bus

No. It is possible to gain access to the systems through the wireless
interface to the manufacturer. E.g., many cars can be \"unlocked\"
(when you forget your keys) remotely -- from a VERY long distance.
The same interface can be exploited for access to other systems.

https://www.gmc.com/gmc-life/technology/stay-connected-with-the-mygmc-mobile-app

IIRC, the entertainment system and ECU systems share a single network.
So, even \"non operational\" features can be accessed.

there are usually several networks, but some devices might require data from multiple, like a dash that needs to show rpm from the ECU and what channel the radio is on

\"In theory\", this shouldn\'t be possible. But, PRACTICE is often
different than THEORY! (the system architect should have seriously
evaluated WHY the two systems should ever be interconnected!)

yes in theory it might be possible, but as far as I know no one has
succeed other than by physically connecting a dongle to the OBD connector

 

[Don Y]

On 8/21/2020 4:49 PM, Lasse Langwadt Christensen wrote:

lørdag den 22. august 2020 kl. 01.36.53 UTC+2 skrev Don Y:
On 8/21/2020 4:31 PM, Lasse Langwadt Christensen wrote:
lørdag den 22. august 2020 kl. 00.45.49 UTC+2 skrev Don Y:
On 8/21/2020 1:46 PM, Lasse Langwadt Christensen wrote:

I learned something again today. I\'ve never heard of this
stuff before.

I\'ll never forget watching a demo of a guy with a laptop creating
complete brake failure in a car that was only connected by
wireless dongle. Die-by-wire electronics.

he could just as well have cut the brakes lines, doesn\'t even have
to get inside the car to do that

Doing it remotely means he doesn\'t even have to APPROACH the car!

only after he has been inside the car to install the dongle to the CAN
bus

No. It is possible to gain access to the systems through the wireless
interface to the manufacturer. E.g., many cars can be \"unlocked\" (when
you forget your keys) remotely -- from a VERY long distance. The same
interface can be exploited for access to other systems.

https://www.gmc.com/gmc-life/technology/stay-connected-with-the-mygmc-mobile-app

IIRC, the entertainment system and ECU systems share a single network.

So, even \"non operational\" features can be accessed.

there are usually several networks, but some devices might require data from
multiple, like a dash that needs to show rpm from the ECU and what channel
the radio is on

There are intentional bridges between the networks. And, with code-injection
attacks (including reflashing ECUs!), you can create an arbitrary bridge.

\"In theory\", this shouldn\'t be possible. But, PRACTICE is often different
than THEORY! (the system architect should have seriously evaluated WHY
the two systems should ever be interconnected!)

yes in theory it might be possible, but as far as I know no one has succeed
other than by physically connecting a dongle to the OBD connector

(Note that I indicated a means by which you can gain entry to a vehicle
if you are present when the driver EXITS the vehicle. So, if you want to
*rely* on OBDII, install your hack at that time)

Otherwise:

http://illmatics.com/car_hacking.pdf
http://www.autosec.org/pubs/woot-foster.pdf
http://www.autosec.org/pubs/cars-oakland2010.pdf
http://www.autosec.org/pubs/cars-usenixsec2011.pdf
http://illmatics.com/Remote%20Car%20Hacking.pdf
http://illmatics.com/remote%20attack%20surfaces.pdf

 

[Lasse Langwadt Christensen]

lørdag den 22. august 2020 kl. 01.59.32 UTC+2 skrev Don Y:

On 8/21/2020 4:49 PM, Lasse Langwadt Christensen wrote:
lørdag den 22. august 2020 kl. 01.36.53 UTC+2 skrev Don Y:
On 8/21/2020 4:31 PM, Lasse Langwadt Christensen wrote:
lørdag den 22. august 2020 kl. 00.45.49 UTC+2 skrev Don Y:
On 8/21/2020 1:46 PM, Lasse Langwadt Christensen wrote:

I learned something again today. I\'ve never heard of this
stuff before.

I\'ll never forget watching a demo of a guy with a laptop creating
complete brake failure in a car that was only connected by
wireless dongle. Die-by-wire electronics.

he could just as well have cut the brakes lines, doesn\'t even have
to get inside the car to do that

Doing it remotely means he doesn\'t even have to APPROACH the car!

only after he has been inside the car to install the dongle to the CAN
bus

No. It is possible to gain access to the systems through the wireless
interface to the manufacturer. E.g., many cars can be \"unlocked\" (when
you forget your keys) remotely -- from a VERY long distance. The same
interface can be exploited for access to other systems.

https://www.gmc.com/gmc-life/technology/stay-connected-with-the-mygmc-mobile-app

IIRC, the entertainment system and ECU systems share a single network.

So, even \"non operational\" features can be accessed.

there are usually several networks, but some devices might require data from
multiple, like a dash that needs to show rpm from the ECU and what channel
the radio is on

There are intentional bridges between the networks. And, with code-injection
attacks (including reflashing ECUs!), you can create an arbitrary bridge.

\"In theory\", this shouldn\'t be possible. But, PRACTICE is often different
than THEORY! (the system architect should have seriously evaluated WHY
the two systems should ever be interconnected!)

yes in theory it might be possible, but as far as I know no one has succeed
other than by physically connecting a dongle to the OBD connector

(Note that I indicated a means by which you can gain entry to a vehicle
if you are present when the driver EXITS the vehicle. So, if you want to
*rely* on OBDII, install your hack at that time)

still means physical access to the car, so you could just as well cut the
brake lines

 

[Don Y]

On 8/21/2020 6:02 PM, Lasse Langwadt Christensen wrote:

lørdag den 22. august 2020 kl. 01.59.32 UTC+2 skrev Don Y:
On 8/21/2020 4:49 PM, Lasse Langwadt Christensen wrote:
lørdag den 22. august 2020 kl. 01.36.53 UTC+2 skrev Don Y:
On 8/21/2020 4:31 PM, Lasse Langwadt Christensen wrote:
lørdag den 22. august 2020 kl. 00.45.49 UTC+2 skrev Don Y:
On 8/21/2020 1:46 PM, Lasse Langwadt Christensen wrote:

I learned something again today. I\'ve never heard of this
stuff before.

I\'ll never forget watching a demo of a guy with a laptop creating
complete brake failure in a car that was only connected by
wireless dongle. Die-by-wire electronics.

he could just as well have cut the brakes lines, doesn\'t even have
to get inside the car to do that

Doing it remotely means he doesn\'t even have to APPROACH the car!

only after he has been inside the car to install the dongle to the CAN
bus

No. It is possible to gain access to the systems through the wireless
interface to the manufacturer. E.g., many cars can be \"unlocked\" (when
you forget your keys) remotely -- from a VERY long distance. The same
interface can be exploited for access to other systems.

https://www.gmc.com/gmc-life/technology/stay-connected-with-the-mygmc-mobile-app

IIRC, the entertainment system and ECU systems share a single network.

So, even \"non operational\" features can be accessed.

there are usually several networks, but some devices might require data from
multiple, like a dash that needs to show rpm from the ECU and what channel
the radio is on

There are intentional bridges between the networks. And, with code-injection
attacks (including reflashing ECUs!), you can create an arbitrary bridge.

\"In theory\", this shouldn\'t be possible. But, PRACTICE is often different
than THEORY! (the system architect should have seriously evaluated WHY
the two systems should ever be interconnected!)

yes in theory it might be possible, but as far as I know no one has succeed
other than by physically connecting a dongle to the OBD connector

(Note that I indicated a means by which you can gain entry to a vehicle
if you are present when the driver EXITS the vehicle. So, if you want to
*rely* on OBDII, install your hack at that time)

still means physical access to the car, so you could just as well cut the
brake lines

Did you read the cited references?