top | item 35454288

(no title)

Comma.ai is another great example of CANBUS hacking. I'm a bit worried there are a bunch of zero days sitting out there on CAN implementations. It's such a complicated system.

discuss

ziziyO|2 years ago

Newer Toyotas (Rav4 Prime and 2022+ Model years) are not compatible with Comma due to encryption, I would guess that probably also defeats this attack.

crazysim|2 years ago

On a RAV4 Prime (or RAV4 PHEV for those outside of North America), these ECUs reportedly have "ECU Security Key" (A SecOC implementation) or signed/authenticated CAN bus commands since replacing them requires a check in with a Toyota server to "Update ECU Security Key" :

ECM

Hybrid vehicle control ECU

Forward recognition camera

No. 2 skid control ECU (brake actuator assembly)

Rack and pinion power steering gear assembly

Clearance warning ECU assembly

Steering sensor

Central gateway ECU (network gateway ECU)

Combination meter assembly

Airbag sensor assembly

---

There's nothing about smart key in here specifically. Not sure on later "ECU Security Key" vehicles though. If someone were to look up replacement instructions for the Smart Key ECU on Toyota's TechInfo, and if it has ECU Security Key update as a step or not, that could answer this.

baldeagle|2 years ago

I believe either the data from the adaptive cruise radar, or the data to control the steering is encrypted. I don't know if lock controls are. It was a small but important subset

rasz|2 years ago

OF course it doesnt, Toyota locked out sensors and actuators used by Comma, not the immobilizer.

maxerickson|2 years ago

It's really only troublesome on stuff that has a radio. Like it's not great that you can take over an electronic device with brief physical access, but the physical access reduces the scope of the problem a lot.

RockRobotRock|2 years ago

Would love if they could add a keyless unlock feature to their devices.