Quote:
Originally Posted by scottomfg
But the data is encrypted. You can't reverse engineer software to get the encryption key.
Typically, the encryption key is negotiated as part of the pairing. I'd assume the path of attack would be to reverse engineer the software linking routine to negotiate your own encryption key when you connect. An attack doesn't want to listen to the datastream while the adapter is connected to your phone, it wants to negotiate its own link.
Again, low probability event, as many of the BT OBD plugs don't do any of it at all, so it's easier to go after the low-hanging fruit before chasing a unit with a custom security scheme. And since I haven't spent any time looking at the Automatic adapter, its implementation of security might be far higher than I am assuming. Still, if there isn't a hardware "pair now" button, the dongle is vulnerable to a brute force attack on the pairing PIN. Pushes it to an even lower probability - first you need to be found by an attacker looking for that type of adapter, then the attacker needs enough time to brute force a large number of codes, all while the adapter remains active on the ECU.