• atrielienz@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    7 months ago

    It isn’t just one module. That’s what I’m trying to tell you. There’s a handshake. So replacing the Electronics control module or the Powertrain control module those modules have to be configured to the Vin. In my mother’s escape the PCM is in the wheel well behind a liner held in by plastic clips. None of those parts can be replaced without being configured to the VIN.

    As for poorly designed cars, yeah. They’ve been making them for years and security has been evolving. Doesn’t mean we should set ourselves back in that arena because Joe wants to swap out his PCM with one from the junk yard.

    CAN network injection can be achieved through the headlight well on some cars.

    https://www.autoblog.com/2023/04/18/vehicle-headlight-can-bus-injection-theft-method-update/

    • themoonisacheese@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      7 months ago

      I know that it isn’t just one module. What is the handshake achieving exactly? Because it’s not additional security from an attacker trying to replace the keyless entry module with a hacked one, and if it is doing that then this is a terrible security design and the actual solution is not to get to keep using this ‘security’ threat model.

      • atrielienz@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        7 months ago

        According to the diagram I’m looking at? The front door handle receives the entry signal from the key that’s in proximity to the vehicle (I think it’s something like within three feet). That signal is sent to a BCM (ECU), that then talks to other PAssive entry antennas on the vehicle to unlock the door. Simultaneously it talks to the PCM and IPC through the Gateway module, sending a Passive Entry enable signal. Those modules talk to the ignition switch allowing the vehicle to be started. Looks like this happens on what’s called the High Speed CAN network. So the question is, if I can access this network via something like the PCM and the PCM isn’t properly configured to prevent this, can I override the network without having the key with sufficient tech? That’s problematic for a lot of reasons. So no. I don’t think you should be able to go to a junkyard or pick and pull and buy a module that could compromise your network and I don’t understand why anyone would want that. You absolutely can buy a module from the manufacturer and get a shop (not even a dealership, just an independent shop with the right tools) to configure a module.