Car Hacking - With Bluetooth OBD
Friend, colleague, and fellow geek, Sam Machin has introduced me to the wonders of the OBDII port!
Essentially, OBD (On Board Diagnostics) is a port which is found on every car produced since the late 1990s. It allows garages to see all sorts of diagnostic information about your car, its engine, and all other manner of petrol-headed goodness. It's designed to be easily accessible and conform to a common standard.
So, it's no surprise that a whole cottage industry has developed around this port. Whereas connecting to OBD used to be something done only by garages, now anyone can buy an adapter. Which is how I got this £20 Bluetooth-capable OBD dongle.
After scrabbling around in my new Toyota Yaris Hybrid, I found the OBD port just to the right of the steering wheel.
Fitting it was simply a matter of figuring out which way round it went, and then jamming it in. It fits well and doesn't feel like it will fall out - but a bit of gaffer tape may be in order to secure it when I drive along bumpy roads.
As soon as it was plugged in, the lights started flashing and I was able to pair it with my Android phone.
Security
The default code for these things is either "0000", "1234", or "6789". I really wish that could be changed. Or, at least, print a unique 8-digit code on each device. Essentially, the unit is on all the time - slowly drawing energy from the battery - which means that it is discoverable all the time.
So, anyone walking around the car park - or stuck in traffic with me - can get a full readout of my car's diagnostics.
True, it's not the biggest security threat in the world. We know that proprietary software is riddled with bugs. Toyota had to recall hundreds of thousands of cars due to software glitches.
Perhaps there's a bug in the car - or the device - which will let an attacker stall the engine, or unlock the doors, or find out my fuel efficiency.
Of course, I could unplug the dongle every time I get out of the car (some units have physical power buttons) but that's a faff I can do without.
The Plan
I'm using the free Android app Torque (Pro Version available for £3).
It's a nifty program which lets you monitor (and export) data from the engine.
My phone will quite happily pair with the car's audio system and the OBD dongle - so that shouldn't be a problem. But it does rely on my remembering to pair the device (and take my phone with me!).
What I'm planning to do is use a cheap second-hand Android phone to act as a 3G bridge for the dongle. The Yaris has a USB port hidden in the glove compartment - it's usually used for playing music from a USB stick, but I think it should be sufficient to trickle charge a phone.
As the car doesn't have a built-in GPS unit, I can use the Android's GPS to keep track of the car. I can use its 3G connection to email or text me whenever the car is moved - useful if it's being stolen or towed. I can plot my journeys, automatically let my wife know when I'm stuck in traffic, and all sorts of other jiggery-pokery.
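The "alert me whenever the car is moved" idea could work along these lines. This is an added example in Python, not code from this post or from Torque; the function names, thresholds and sample fixes are assumptions constructed for illustration. It shows how to keep GPS drift from a parked car raising false alarms.

```python
import math

# Constructed sample fixes (timestamp_s, lat, lon, accuracy_m); not real journey data.
SAMPLE_FIXES = [
    (0, 51.5000, -0.1000, 8), (60, 51.5001, -0.1000, 10),
    (120, 51.5010, -0.1000, 12),   # lone outlier about 111 m away
    (180, 51.5000, -0.1001, 9),
    (240, 51.5200, -0.1000, 80),   # poor-accuracy fix, ignored
    (300, 51.5010, -0.1000, 10), (360, 51.5020, -0.1000, 10),
    (420, 51.5030, -0.1000, 10), (480, 51.5040, -0.1000, 10),
    (540, 51.5050, -0.1000, 10), (600, 51.5050, -0.1000, 10),
    (660, 51.50505, -0.1000, 10), (720, 51.5050, -0.1000, 10),
]

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def detect_moves(fixes, radius_m=50.0, confirm=3, max_accuracy_m=30.0):
    """Return one alert per departure from a parking spot.

    A departure needs `confirm` consecutive usable fixes outside `radius_m`,
    so a single drifting fix from a parked car raises no alarm.
    """
    anchor, moving, streak, alerts = None, False, [], []
    for ts, lat, lon, acc in fixes:
        if acc > max_accuracy_m:
            continue                                  # too imprecise to trust
        if anchor is None:
            anchor = (lat, lon)                       # first usable fix = parking spot
            continue
        outside = haversine_m(anchor, (lat, lon)) > radius_m
        if moving and outside:
            anchor, streak = (lat, lon), []           # still travelling: follow the car
        elif moving:
            streak.append(ts)
            if len(streak) >= confirm:                # stationary again: re-arm
                moving, streak = False, []
        elif outside:
            streak.append(ts)
            if len(streak) >= confirm:
                alerts.append({"left_at": streak[0], "confirmed_at": ts})
                anchor, moving, streak = (lat, lon), True, []
        else:
            streak = []                               # back inside: it was jitter
    return alerts
```

With `confirm=1` the lone outlier at 120 seconds would already trigger an alert, which is the false alarm the confirmation window is there to prevent.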
Let the hacking commence :-)