Automotive WiFi?

[MV10]

Anybody know who is responsible for WiFi for the various auto manufacturers? Chevy, Ford, all of them offer WiFi these days. (I'm not so concerned about somebody snooping traffic, but the ability to inject packets sounds a few steps away from potential buffer overflows...)

[kristate]

This is a good point. Amazing how far Wi-Fi has been integrated into our lives.

Perhaps we should start a list for cars? I found this list:
https://www.cars.com/articles/which-2017-cars-offer-in-car-wi-fi-1420692490461/

[zeadope-zz]

Maybe list the technologies instead:

• QNX
• Apple Car Play (runs on Blackberry’s QNX platform)
• Android Auto (by Google in-car)

[kristate]

@zeadope right, but there are also weirder integrations like JEEP's which was hacked last year:
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

[zeadope-zz]

@kristate check out the documentation of the hackers here: https://www.scribd.com/mobile/doc/236073361/Survey-of-Remote-Attack-Surfaces#

Many brands use Uconnect (FCA US). I can’t find what underlying technology they use. -Might be QNX might be something else-.

Update: CHRYSLER, DODGE, JEEP®, RAM, MOPAR®, SRT®, FIAT®, ALFA ROMEO brands use Uconnect which IS a layer on top of QNX.

Older generations QNX use the network stack “io-net”, the newer/current versions might use “io-pkt” for easier updates from netBSD.

However current netBSD appears to be using wpa_supplicant, which has been patched.

Just don’t use your car as a Wi-Fi client. :)

[kristate]

Any word from QNX/ Blackberry?

[zeadope-zz]

No, most likely blackberry automotive branch won’t say anything directly to the public. Car manufacturers will most likely provide self updates using USB or though official dealerships.

[MV10]

A lot of Android Auto runs on QNX as well. My truck is a 2017 Chevy and it's QNX. That's just the OS, not really clear if it would be an OS responsibility or whomever made the radio chipset... looking pretty complex. And you know auto makers and dealers... I'm not expecting a fast turn-around on this.

[zeadope-zz]

Most GM enabled brands use MyLink/IntelliLink based on QNX.

[zeadope-zz]

I've made a start and added a concept VEHICLE.md, but it needs some work.

• Optimize layout
• Add brands (that have models with Wi-Fi):
  • Fiat Chrysler Automobiles N.V. (missing Maserati)
  • General Motors
  • Volkswagen Group
  • Toyota
  • Honda Motor Co., Ltd. (Honda auto and new motorcycle cruiser)
  • Hyundai Motor Group (Genesis Motors, Hyundai Motor Company, Kia Motors)
  • Ford Motor Company
  • BMW
  • Mercedes
  • Tata motors (Jag, Land Rover)
  • Nissan Group (Datsun, Infinity, Mitsubishi, Nissan, Renault)
  • Tesla Motors, Inc.
  • Groupe PSA (Citroën, Peugeot, Opel, etc.)
  • Geely Holding Group (Volvo Cars / AB Volvo)
  • Ferrari N.V. (Ferrari)
  • ...
• Filling it with model specific data (edition, from year, status, comment)
• ...

[MV10]

Shouldn't Blackberry be on the response matrix in general?
(Although as far as I can tell they haven't said a word about it, so far.)

[zeadope-zz]

RIM’s (owner of Blackberry) board might not want to do that for several reasons. Also there might be legal concerns with RIM and manufacturers contracts.
Manufacturers might only come with an update/recall as soon as internal/external investigation is complete. Maybe there is nothing to be concerned about for all we know.
If they say something now without any certainty, this WILL affect sales by a lot. People might also not choose the brand for their next vehicle.
This is a very delicate situation I guess.

[zeadope-zz]

#181 PSA Groupe

[edjm]

2017 Honda CR-V can be added to this list. It uses Android 4.2.2. Based on Google searches, it looks like the 2016 Honda Civic and Pilot do as well.