For my Masters’ Thesis I worked on security of connected vehicles. The aim was to uncover and demonstrate security vulnerabilities. The project was composed of two main parts, or I could say two cars!
1. Renault Twizy
We picked Renault Twizy to start our adventure, and in case you are wondering why? Frankly that was the only car we had at our disposal.
We used an open-hardware device called Open Vehicles Monitoring System (OVMS). OVMS is designed for monitoring various electrical vehicles (EV), such as Tesla Roadster, Chevrolet Volt, Nissan Leaf and so on. The device costs about 100$ and plugs into the on-board diagnostics (OBD) port. In case of Twizy it happens to be possible speak to the main Electronic Control Unit (ECU) directly from OBD-II port; Leaving out entire the details, we managed to control the throttle and gear through OVMS and since OVMS has cell data connections, we modified OVMS client application to control our Twizy.
Although the code is not clean and there are no guides on how to use them, I put them online in the following repositories.
Android app to control the car
An older version of the Android app to control the car
A console app to control OVMS over serial port
Modified version of OVMS firmware which is required for the app to function properly
Feel free to contact me in case you have further questions.
2. Toyota Prius
A Toyota Prius was the second vehicle that we could get our hands on, which we basically borrowed from IEE for two months. In this front there was some related work done by some security researchers. We re-produced their work and tried a few new tricks. In case of Prius also we needed to fit a device into the OBD-II port, and after that we were able to perform certain actions such as applying brake or steer the car.
In case you would like to know more about this work please refer to the publications listed on this page.