Here in my car
I feel safest of all
I can lock all my doors
It’s the only way to live
In cars
1. Development
If you really think the system inside the car is just a computer that you can carry, it is not so surprising that there are several tools and frameworks inside the automotive hardwares.
And yes, as you can see below, there are Linux, QNX, and Android inside your car!
1.1. Some standards
-
MISRA C: C programming standard by MISRA(Motor Industry Software Reliability Association)
The MISRA C is a coding guideline published and managed by MISRA. Since the first release of standard in 1998, it has become a de facto standard in safety-critical industries, including the automobile industry.
-
AUTOSAR (AUTomotive Open System ARchitecture)
It is a partnership between car vendors and manufacturers basically. The goal of the partnership is to develop open standards in software architecture, so the partners can integrate features and components more easily and in structured ways.
And the developers can divide the whole embedded software and firmware into several 'modules', so that makes the venders and developers can quickily develop components and features because these are modularized, thus the components can be re-used.
As a car hacker or a penetration tester, knowing the AUTOSAR components and their specification can make the understanding the targets and goals further and deeper. Which functions should I trigger to get values stored in HSM area? What is the name of API? Most things are already defined in the specification documents.
Core partners of AUTOSAR is BMW, General Motors, Ford, Toyota, Volkswagen and Mercedes-Benz.
Car manufacturers know the concerns, the software can be buggy and sometimes these bugs can be vulnerability, software vendors test the software before applied to car. They do perform static analysis of source code, and do perform fuzz testing.
1.2. Operating Systems
-
-
Blackberry claims 61% of electric vehicles in the world is using QNX (An article in Korean)
-
QNX commanded 71% of the Chinese intelligent vehicle cluster in 2023.
-
-
Automotive Linux(AGL; Automotive Grade Linux) is a project of the Linux Foundation.
-
At the very beginning, it had a plan to work with the Tizen project.
-
1.3. What do you usually use to develop the car infotainments?
-
Some IVIs of Toyota and BMW are using Flutter for their infotainments.
-
-
Android Auto & Apple Carplay looks like it is not an operating system or infotainment itself, it can just connect your phones to your car and manage it.
-
-
-
Qt Quick
-
2. Networks
2.1. Physical Layer
-
CAN; Controller Area Network
-
Automotive Ethernet
2.2. Application Layer
-
DoIP; Diagnostic over Internet Protocol (ISO 13400 Standard)
Before the DoIP has widely accepted, there were several protocols to do diagnosis over Ethernet.
-
HSFZ; High Speed Fahrzeug Zugang, by BMW
-
GMLAN; General Motors™ Local Area Network, by GM
3. Reference
-
ISO/SAE 21434: Cybersecurity Engineering
-
COVESA, the abbreviation of The COnnected Vehicle Systems Alliance.
4. Regulations
You can download documents in PDF from each links.
-
UN Regulation No. 155 - Cyber Security and Cyber Security amanagement System
-
In Poland, manufacturers must do it by the end of 2023.[2]
-
-
UN Regulation No. 156 - Software Update and Software Update Management System
-
UN Regulation No. 157 - Automated Lane Keeping Systems
-
China (Mainland?)
-
Might be a draft
https://members.wto.org/crnattachments/2023/TBT/CHN/23_11189_00_x.pdf (Simplified Chinese)
-
Consider visiting WTO websites for recent updates.
6. Community
-
Reddit /r/CarHacking
-
Github
7. See Also
-
Black hat 2015: Hack a Jeep Cherokee
-
Black Hat USA 2015: The full story of how that Jeep was hacked - Kaspersky
-
Rolling Pwn on (almost) every Honda cars
-
btw I think Kevin is really good at automobile hacking
-
dissecto Knowledgebase contains lots of good information about communication protocol, and car hacking in general.
-
A blog maintained by an automotive software developer. Well structured posts and write ups(Korean).
-
UDS, ISO-14229-1