General STS thread

[kevm14]

Need the source to make the change.

And just about zero chance of all of that. Not sure if this car can even be connected to OnStar. Also, this is a very small set of vehicles in the grand scheme. Unless you are talking non-state actors that just like to ruin everything.

Could do a CRC check if I had the word....also this doesn't work on my car.

Interesting question on the CAN network. Obviously someone could still code a latent vulnerability and attempt to do a thing on the network. Or even deliberately corrupt the I/O stuff and take down the low speed side with jibberish. Should still run and drive but not 100% sure. Would be a fun experiment but none of this theory would make me thing more than 2 seconds about downloading and applying if it was for 05-07s.

[kevm14]

Also like I said before as long as it really came from Denso that's good enough.

[kevm14]

Also...you'd have to know some serious stuff about the head unit to even do this in the first place. Denso themselves cannot update the 05-07 because they don't have the source code. I'm gonna go with full risk acceptance on this one (if I could).

[kevm14]

Is there a separate OnStar module from the head unit?

Of course. There always was if for no other reason than supply logistics (different radios, same OnStar module).

Super bonus points for using the head unit to commendeer other CAN modules and ruin everything the head unit can talk to. Hopefully GM was smart and segragated the engine/body control CAN from the infotainment CAN in a way that can't be bridged by S/W.

I posted the architecture at some point. The two networks bridge via the instrument panel control module.

So I guess the challenge would be to enter from....a firmware update cd and eventually cripple the high speed network enough to disable the car. Or set the throttle to 100%. Computer can't steer (aside from stability control commands which would be enough to probably out the car in the weeds at 80mph). I can still put shifter in neutral or perhaps park worst case.

The entry vector is why none of this is a risk. OTA updates? Ok now you have my attention BUT at the very same time you have actual no kidding cyber hardening efforts. I've posted that before.

[kevm14]

viewtopic.php?f=16&t=2474&p=15256&#p15255

Bridges through IPM which also controls the cluster and a few other things. In fact you have a direct line to the IPM via the DLC.

Read the description doc. Pretty interesting.

[Adam]

https://www.caranddriver.com/news/a3026 ... ollection/

[Adam]

So it looks like the headunit can get to the PCM via the instrument cluster, but it needs to go through all the other high speed GMLan modules first. Got it.

[kevm14]

Well it's like token ring so I think all modules see all data. You'd have to deal with the IPM. Figure out a way to make it screw up the high speed LAN at a minimum to disable the car. Or I guess attempt to make it mimic commands of other things? The gas pedal connects directly to the ECM I think. So you'd have to actually compromise the ECM, not just issue some Network commands. Considering HP Tuners doesn't even sell software for this particular GM/Siemens ECM, not worried. Begs the question slightly for another ECM I guess.

Not saying any of this is impossible...just unlikely.

[Adam]

They dont sell software because only 3 people would buy it. Not because you can't modify the PCM.

You take over the radio (IPM) and have it do whatever you want. Better yet, take over the OnStar module remotely so you don't even need to be near the car.

Like that FCA thing. They did exactly what I'm talking about and took over multiple modules and disabled that Jeep remotely.

[Adam]

https://www.wired.com/2015/07/hackers-r ... p-highway/