Bosch, as in Bosch Rexroth, the parent company of the manufacturers of Rexroth and Indradrive electric motion control systems, makes a smart-car accessory called a drivelog dongle. The Bosch Drivelog Connector OBD-II dongle, to be exact.
Users of the dongle can easily pair it with the Drivelog Connect phone app, using Bluetooth technology. The app explains what error codes mean. Rexroth error codes make perfect sense if you know all about them; otherwise they are, as Aftermarket News Global succinctly explained, “incomprehensible.”
It keeps a digital drivelog which can be used for identifying business-related trips for taxes, gauging relative fuel economy of two routes, or for analyzing driver behavior for insurance companies. It can even find your parked car if you’ve forgotten where you left it.
Aftermarket News also quotes Bosch as saying that “the Bosch security concept protects all Drivelog Connect components from hacker attacks and data theft.” This turned out not to be perfectly true.
In a public-spirited publicity stunt, Argus Cyber Security used a remote brute-force attack to connect with a dongle without using the Drivelog Connect app. The dongle wasn’t connected to a car; it was in a lab, simulating the car experience. Argus cracked the encrypted messages and created a patch for the Android version of the app which allowed them to send their own messages to the dongle. They figure it could be possible, if you were close enough to the car, to make a car using this dongle stop on the freeway or something dangerous like that.
Here are the steps:
1. Attacker pairs with the Drivelog dongle and receives the dongle certificate.
2. Attacker brute-forces the dongle PIN in an offline environment.
3. Attacker connects to the dongle.
4. Having completed steps 1 through 3, attacker is able to send malicious CAN bus messages.
Argus said a lot of nice things about Bosch’s security protocols. The full description of the effort makes it clear that they had to go to a lot of trouble to get the dongle in the lab to misbehave. The vehicle also has to be within Bluetooth range, so the miscreant would have to explain why he’s hanging out by the freeway watching for that car. It’s probable that anyone capable of hacking this dongle could more easily put a bomb in the car. We’re not all Bond villains, right?
A couple of years ago, researchers at UCSD figured out how to turn on a car’s windshield wipers and disable its brakes remotely. Again, it was a dongle that made it possible.
This type of hacker research helps manufacturers fix security vulnerabilities. It certainly points out issues that could affect driverless vehicles. And it also gives Industry 4.0 more to think about.
While makers consider improving security, we can help you with your Rexroth electric motion control. Contact us now.