Researchers found vulnerabilities in Bosch’s Drivelog Connect product that hackers can exploit to inject malicious messages into a vehicle’s CAN bus. The vendor has already implemented some fixes and is working on adding more attack protections.
Bosch’s Drivelog Connect is a service that provides information about the condition of a vehicle, including service deadlines, potential defects, and data on fuel consumption and driving behaviour. The product also includes a dongle named Drivelog Connector, which is connected to the car’s OBD2 diagnostics interface, and a mobile application that communicates with the dongle over Bluetooth.
Researchers at the automotive cyber security firm Argus found some very serious vulnerabilities in the communications between the dongle and the mobile app.
One of these security holes is related to the authentication process between the Drivelog Connect smartphone app and the Drivelog Connector. The app is available for both Android and iOS, but the experts focused on the Android application. The second flaw affects the dongle’s message filter.
According to the researchers, diagnostic messages can only be sent to the CAN bus with a valid service ID. However, this message filter can be bypassed by sending OEM-specific messages, which can be obtained through CAN traffic monitoring or by fuzzing CAN bus messages.
An attack leveraging this message filter bypass can be launched by a hacker who has obtained root access to the targeted user’s smartphone. During the tests they conducted, the Argus researchers said they managed to remotely stop the engine of a moving car by exploiting these vulnerabilities. They also pointed out that, depending on the make and model of the car, other actions may have been possible.
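A default-deny version of the kind of filter described above, as an added example (not Bosch's or Argus's code): it checks the CAN ID, the frame type and the length as well as the service ID, so a frame that is not fully on the allowlist never reaches the bus. The struct and function names, the allowed service list and the sample frames are assumptions made for illustration; the request IDs are the standard OBD-II ones from ISO 15765-4.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a frame the phone app asks the dongle to transmit. */
struct can_frame_req {
    uint32_t id;       /* 11-bit CAN identifier */
    uint8_t  dlc;      /* data length code */
    uint8_t  data[8];  /* ISO-TP single frame: [length][service ID][params] */
};

/* Assumption: the read-only OBD-II services (SAE J1979) this dongle needs. */
static const uint8_t ALLOWED_SERVICES[] = { 0x01, 0x02, 0x03, 0x09 };
/* ISO 15765-4 11-bit request IDs: functional 0x7DF, physical 0x7E0-0x7E7. */
static bool is_obd_request_id(uint32_t id)
{
    return id == 0x7DF || (id >= 0x7E0 && id <= 0x7E7);
}

/* Default deny: a frame passes only if every field is on the allowlist. */
bool filter_allows(const struct can_frame_req *f)
{
    if (f == NULL || f->dlc != 8 || !is_obd_request_id(f->id))
        return false;                    /* not a padded diagnostic request */
    if ((f->data[0] & 0xF0) != 0x00)
        return false;                    /* only ISO-TP single frames */
    uint8_t len = f->data[0] & 0x0F;
    if (len < 1 || len > 3)
        return false;                    /* service ID plus at most two bytes */
    for (size_t i = 0; i < sizeof ALLOWED_SERVICES; i++)
        if (f->data[1] == ALLOWED_SERVICES[i])
            return true;
    return false;                        /* unlisted service, OEM-specific included */
}

/* Constructed sample requests, not captured traffic. */
static const struct can_frame_req SAMPLES[] = {
    { 0x7DF, 8, { 0x02, 0x01, 0x0C } },  /* service 0x01, PID 0x0C: passes */
    { 0x123, 8, { 0x02, 0x01, 0x0C } },  /* non-diagnostic CAN ID: dropped */
    { 0x7E0, 8, { 0x02, 0x55, 0x00 } },  /* service not on the list: dropped */
};

size_t count_allowed(void)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        n += filter_allows(&SAMPLES[i]) ? 1 : 0;
    return n;
}
```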
This attack scenario requires root access to the Android device and a malicious patch to the mobile app. Car manufacturers have often pointed out that it’s difficult to prevent attacks once a smartphone has been compromised.