i am surprised nobody talked about security...i am guessing the OBD interface in cars can be used to send commands to various components....could somebody hack into your car??
Modern vehicles report OBD-II signals over Controller Area Network, which is used to link most the controllers in your vehicle. All cars after 2008 in the states use CAN for OBD-II.
Most manufacturers have the OBD-II CAN bus connected to the engine controller for diagnostic purposes. If you can gain control of the CAN bus, you can do some real damage to the car. Furthermore, the hardware must write to the bus to get OBD-II data (it's a request/response system), so it's not a read only device.
This, a million times this. My understanding also is that the ODB port on many/most vehicles goes straight into the CAN bus controlling everything in the car. It's entirely possible you could gain control over any microcontroller in the car, send false messages, drown the bus, etc. through a device like this. It's a TERRIBLE idea from a security perspective.
OBD-II, as I understand it, is a multimaster bus protocol, which means any master can send commands. That said, the commands that are exposed to the under-dash interface are restricted to interrogation. The emissions check people can tell how well your O2 sensors are performing but they can't modify the ignition or timing profile, for example.
You can indeed "hack" your car. In fact, ECU flashing is one of the most common upgrades for people who want more power out of their cars because it requires no physical parts.
It's generally done commercially [1][2] though there are attempts at user-configurable software [3]. Now I'm no expert on ECU flashing so these links are just examples.
That doesn't mean that the security issue doesn't exist. Via wikipedia:
"Researchers at the University of Washington and University of California examined the security around OBD, and found that they were able to gain control over many vehicle components via the interface. Furthermore, they were able to upload new firmware into the engine control units. Their conclusion is that vehicle embedded systems are not designed with security in mind."
evck|13 years ago
Most manufacturers have the OBD-II CAN bus connected to the engine controller for diagnostic purposes. If you can gain control of the CAN bus, you can do some real damage to the car. Furthermore, the hardware must write to the bus to get OBD-II data (it's a request/response system), so it's not a read only device.
ghostfish|13 years ago
zrail|13 years ago
cleverjake|13 years ago
vostrocity|13 years ago
It's generally done commercially [1][2] though there are attempts at user-configurable software [3]. Now I'm no expert on ECU flashing so these links are just examples.
[1] http://changegears.wordpress.com/2011/05/17/apr-stage-1-ecu-... [2] http://www.velocityfactor.net/scripts/prodview.asp?idproduct... [3] http://www.tactrix.com/index.php?option=com_content&view...
fudged71|13 years ago
"Researchers at the University of Washington and University of California examined the security around OBD, and found that they were able to gain control over many vehicle components via the interface. Furthermore, they were able to upload new firmware into the engine control units. Their conclusion is that vehicle embedded systems are not designed with security in mind."
54mf|13 years ago