1. Welcome to Tundras.com!

    You are currently viewing as a guest! To get full-access, you need to register for a FREE account.

    As a registered member, you’ll be able to:
    • Participate in all Tundra discussion topics
    • Transfer over your build thread from a different forum to this one
    • Communicate privately with other Tundra owners from around the world
    • Post your own photos in our Members Gallery
    • Access all special features of the site

CAN bus injection theft

Discussion in '3rd Gen Tundras (2022+)' started by nodak67, Apr 10, 2023.

  1. Apr 10, 2023 at 9:58 AM
    #1
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    TTund16, mayan and Retired...finally like this.
  2. Apr 10, 2023 at 10:07 AM
    #2
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
  3. Apr 13, 2023 at 6:00 AM
    #3
    Skidmarcx

    Skidmarcx New Member

    Joined:
    Oct 30, 2022
    Member:
    #85785
    Messages:
    194
    Gender:
    Male
    First Name:
    Mike
    Glendale, AZ
    Vehicle:
    ‘22 SR5 CM
    Pretty crazy for sure… we had a Chevy Silverado in my shop last year with a no start condition, turned out moisture in the left headlight was the cause, go figure haha
     
    TTund16 likes this.
  4. Apr 13, 2023 at 8:58 AM
    #4
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    all i can think of is the movie gone in 60 seconds where they pop the driver front headlight and jam a screwdriver in it to help steal the car.
     
    Hella Krusty and chugs like this.
  5. Apr 13, 2023 at 10:20 AM
    #5
    mayan

    mayan Texas BBQ and Beer

    Joined:
    Jan 4, 2023
    Member:
    #89729
    Messages:
    206
    Gender:
    Male
    First Name:
    Mayan
    DFW
    Vehicle:
    2023 SM Tundra Limited
    HEADLIGHT SHIELDS :rofl:?? This is scary man a $10 PIC18F has the power to spoof the car hopefully they can roll out a temporary software patch and incorporate a better and more secure can bus protocol. Life only gets more interesting from here lol might have to develop an ai powered GAU 8 that deploys from the bed and brings hell to the thieves.
     
    4genRunner, in_the_mud and chugs like this.
  6. Apr 13, 2023 at 10:48 AM
    #6
    raylo

    raylo not so new member

    Joined:
    Oct 1, 2021
    Member:
    #68780
    Messages:
    1,934
    Gender:
    Male
    Frederick, MD
    Vehicle:
    2023 SR5 DC 6.5 bed Lunar Rock, TRD OR +Options
    DashCam, amp and subwoofer, DIY rear seat delete
    The NEXX garage door openers have been patched.
     
    nodak67[OP] likes this.
  7. Apr 14, 2023 at 12:30 PM
    #7
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    But there problem is that the bug is in all nexx wifi products from what I can tell, not just the garage door
     
  8. Apr 14, 2023 at 12:34 PM
    #8
    raylo

    raylo not so new member

    Joined:
    Oct 1, 2021
    Member:
    #68780
    Messages:
    1,934
    Gender:
    Male
    Frederick, MD
    Vehicle:
    2023 SR5 DC 6.5 bed Lunar Rock, TRD OR +Options
    DashCam, amp and subwoofer, DIY rear seat delete
    I suspect those have been patched too. This was all very recent. They took the garage door controllers offline last week and rolled out the patched firmware soon after. Maybe even some patches on their cloud end? IDK.

     
    nodak67[QUOTED][OP] likes this.
  9. Apr 14, 2023 at 2:23 PM
    #9
    mmasse

    mmasse Digital Forensics Cowboy

    Joined:
    Jul 2, 2022
    Member:
    #80200
    Messages:
    257
    Gender:
    Male
    Idaho
    Vehicle:
    2022 Magnetic Grey Tundra
  10. Apr 14, 2023 at 3:30 PM
    #10
    raylo

    raylo not so new member

    Joined:
    Oct 1, 2021
    Member:
    #68780
    Messages:
    1,934
    Gender:
    Male
    Frederick, MD
    Vehicle:
    2023 SR5 DC 6.5 bed Lunar Rock, TRD OR +Options
    DashCam, amp and subwoofer, DIY rear seat delete
  11. Apr 14, 2023 at 7:39 PM
    #11
    Descend

    Descend New Member

    Joined:
    Sep 28, 2021
    Member:
    #68666
    Messages:
    106
    Gender:
    Male
    North West
    Vehicle:
    '23 Tundra TRD Pro MGM
    Tundrastruck91 likes this.
  12. Apr 17, 2023 at 9:10 AM
    #12
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    did a follow up on this update by nexx. apparently the fix was to removed the ability to open the door except for bluetooth access. the wifi compenent that everyone used were nuked.


     
  13. Apr 17, 2023 at 9:23 AM
    #13
    vtl

    vtl New Member

    Joined:
    Mar 23, 2020
    Member:
    #44238
    Messages:
    1,858
    Gender:
    Male
    Boston 'burbs
    Vehicle:
    2019 Red SR5 DC 4x4
    This was a reason of dashboard Christmas Tree, no brakes, no engine boost and transmission in 4th gear. Acceleration from 0 to 20 MPH took two years.

    1.jpg

    No, not my hand. Volvo put AWD computer under the car's belly, right above the exhaust pipe. Aluminum case corroded along the cover's seal, let water and salt in, where it corroded a bottom pad of one single 1/64" long SMD resistor. Unfortunately, it was a CAN-bus terminating resistor that disrupted communication with brakes control module (BCM). BCM software didn't expect it and failed in a way that was not properly thought of by the programmers. No BCM means limp mode.

    You could not see what happened even in microscope. I just started blowing off all SMD parts in that suspicious corner with water intrusion traces.
     
    mayan and Skidmarcx[QUOTED] like this.
  14. Apr 17, 2023 at 6:33 PM
    #14
    Skidmarcx

    Skidmarcx New Member

    Joined:
    Oct 30, 2022
    Member:
    #85785
    Messages:
    194
    Gender:
    Male
    First Name:
    Mike
    Glendale, AZ
    Vehicle:
    ‘22 SR5 CM
    Todays vehicles definitely require a deep understanding of how systems work in order to diagnose these difficult issues, just when I think I’ve seen it all…
     
  15. Apr 18, 2023 at 8:38 AM
    #15
    raylo

    raylo not so new member

    Joined:
    Oct 1, 2021
    Member:
    #68780
    Messages:
    1,934
    Gender:
    Male
    Frederick, MD
    Vehicle:
    2023 SR5 DC 6.5 bed Lunar Rock, TRD OR +Options
    DashCam, amp and subwoofer, DIY rear seat delete
    Not on mine. When they first took it offline due to the issue the wifi connection was gone, so maybe it worked on BT only then. IDK. But now it is back connected via wifi and my door functions with Bluetooth turned off on my phone, like it usually is.

    I also have the MyQ wifi app on this GDO. Only reason I also have the NEXX is that I had it already for an older GDO and the new Chamberlains don't support Alexa natively, while the NEXX does. I actually use that feature a lot, mostly to close the door on my way out with bike or motorcycle. Allows me to close it without needing to use the app or keypad.

    The other thing is that I have contacts for my home alarm system on the garage door. So if it ever gets opened by a hack or forced open mechanically I will know. Also have a camera in there.

     
    Last edited: Apr 18, 2023
    nodak67[QUOTED][OP] likes this.
  16. Apr 18, 2023 at 8:41 AM
    #16
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    glad they fixed it properly.
     
  17. Apr 18, 2023 at 10:06 AM
    #17
    raylo

    raylo not so new member

    Joined:
    Oct 1, 2021
    Member:
    #68780
    Messages:
    1,934
    Gender:
    Male
    Frederick, MD
    Vehicle:
    2023 SR5 DC 6.5 bed Lunar Rock, TRD OR +Options
    DashCam, amp and subwoofer, DIY rear seat delete
    We'll see. All these cloud-based "Internet of things" devices will likely have vulnerabilities at one time or another. The cost of convenience, I suppose.

     
  18. Apr 18, 2023 at 10:25 AM
    #18
    vtl

    vtl New Member

    Joined:
    Mar 23, 2020
    Member:
    #44238
    Messages:
    1,858
    Gender:
    Male
    Boston 'burbs
    Vehicle:
    2019 Red SR5 DC 4x4
    I'm developing these modern high-tech things at work and generally feel they are doing more good than bad, but how these greedy bastards treat customers privacy makes me mad. For example, a few years ago we've got our first smart TV (because there was no dumb TV option anymore), and our home internet started lagging like mad. I sniffered the network, just to find out this is our new Samsung TV is streaming telemetry to Korean servers, and our uplink bandwidth was not enough to fulfill the TV's spying needs. It turned out it listens 24/7 even when "switched off" and sends everything said in the room to the cloud. Even without our consent and with all the available checkboxes unchecked. When denied access to those servers, the TV became unresponsive and generally unusable. I had to built a smarter home network solution to fool the TV properly, so it would not send anything, but still think it is OK.

    Fsck this future, it turns us into neo-Luddites (wife works in computer security). I'm driving a 20 years old crap Volvo whose the only over-the-air featur is AM/FM radio. Gen 2.5 Tundra is of about the same complexity. Need to think how to disable telemetry in wife's 22 Sequoia.
     
    Last edited: Apr 18, 2023
  19. Apr 18, 2023 at 10:33 AM
    #19
    raylo

    raylo not so new member

    Joined:
    Oct 1, 2021
    Member:
    #68780
    Messages:
    1,934
    Gender:
    Male
    Frederick, MD
    Vehicle:
    2023 SR5 DC 6.5 bed Lunar Rock, TRD OR +Options
    DashCam, amp and subwoofer, DIY rear seat delete
    What I would prefer are devices that I connect to directly without needing to be mediated through the manufacturer's or third party cloud server. For that to work you would have to open ports in your router, which also presents vulnerabilities... or.... run a router-based VPN that puts you on your home network no matter where you are. That's how I access and manage my Blue Iris ip camera server. If only some mfgs would offer products that work like that, I'd pay a premium.

     
  20. Apr 18, 2023 at 10:46 AM
    #20
    vtl

    vtl New Member

    Joined:
    Mar 23, 2020
    Member:
    #44238
    Messages:
    1,858
    Gender:
    Male
    Boston 'burbs
    Vehicle:
    2019 Red SR5 DC 4x4
    Use open source. This is what we do.
     
  21. Apr 18, 2023 at 11:15 AM
    #21
    TexasCabledawg

    TexasCabledawg New Member

    Joined:
    Aug 20, 2018
    Member:
    #18365
    Messages:
    237
    Gender:
    Male
    Vehicle:
    2022 Tundra
    upload_2023-4-18_12-14-45.jpg
     
    vtl[QUOTED] likes this.
  22. Apr 18, 2023 at 11:19 AM
    #22
    vtl

    vtl New Member

    Joined:
    Mar 23, 2020
    Member:
    #44238
    Messages:
    1,858
    Gender:
    Male
    Boston 'burbs
    Vehicle:
    2019 Red SR5 DC 4x4
  23. Apr 18, 2023 at 1:58 PM
    #23
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    thats why i use something more than the normal routers. run a udm-pro at home with vlans, in and out bound rules and location restrictions.

    the rules is the biggest part, all my iot stuff is walled off on its on vlan. outside attempts to connect to devices on that vlan are dropped into /nulldev. devices trying to call out from the vlan have to go thru my firewall and pi-hole and restricted to only goto a specific ip or only to the admin vlan.

    most of my rules are set that the connection to the iot vlan devices have to be initiated from the admin vlan

    also run honey pots on my network and reports of anything weird connecting to ap or switches.


    but i digress :)
     
    vtl likes this.
  24. Apr 18, 2023 at 2:40 PM
    #24
    Maharisc

    Maharisc w/Patty

    Joined:
    Feb 12, 2022
    Member:
    #74540
    Messages:
    825
    Gender:
    Male
    First Name:
    Karl
    Vehicle:
    2023 Tundra Platinum MBM Hv CM Adv Pkg
    Build date: 12/05/22
    What? No Community Edition Qradar or AC Hunter, um Security Onion? Just RULES and buckets of Honey???
     
    nodak67[OP] likes this.
  25. Apr 18, 2023 at 3:47 PM
    #25
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    well i do have about 955k unique domains on my pi-hole block list :)


    edit : oops, forgot to update in a while, 959k unique domains now.


    pi-hole dashboard.jpg
     
    Last edited: Apr 18, 2023
  26. Apr 18, 2023 at 4:28 PM
    #26
    Maharisc

    Maharisc w/Patty

    Joined:
    Feb 12, 2022
    Member:
    #74540
    Messages:
    825
    Gender:
    Male
    First Name:
    Karl
    Vehicle:
    2023 Tundra Platinum MBM Hv CM Adv Pkg
    Build date: 12/05/22
    I have some catching up to do:

    upload_2023-4-18_17-28-6.jpg
     
  27. Apr 19, 2023 at 6:40 AM
    #27
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    slightly. when i get home i can either export my list or send you a link to a lot of pi-hole maintained lists.

    i think probably why my block % is lower is cause i drop all in/out bound not from the usa before pi-hole even gets involved.
     
  28. Apr 19, 2023 at 6:45 AM
    #28
    99ways2die

    99ways2die New Member

    Joined:
    Mar 30, 2018
    Member:
    #14012
    Messages:
    559
    Gender:
    Male
    ...this is the way.
    LoL

    pi99.jpg
     
  29. Apr 19, 2023 at 6:50 AM
    #29
    nodak67

    nodak67 [OP] New Member

    Joined:
    Sep 7, 2017
    Member:
    #9510
    Messages:
    3,105
    Gender:
    Male
    First Name:
    JR
    Vehicle:
    23 Tundra Platinum Blueprint CM 4x4 5.5ft Non HV
    lol way to many pr0n sites in that list i suspect :)

    jk,

    i am guessing you went further down the rabbit hole and selected the questionable lists?

    i only picked the well fetted lists with low false positives.
     
  30. Apr 19, 2023 at 6:56 AM
    #30
    99ways2die

    99ways2die New Member

    Joined:
    Mar 30, 2018
    Member:
    #14012
    Messages:
    559
    Gender:
    Male
    I grabbed a "motherload" of reliable lists off the usual Pi info/source web sites; some may be redundant, but it doesn't bother me.
    I have pre-teens in the house, and while an IT professional, I don't wanna look and think of computers/etc while home.

    What still amuses me to this day is how I'm used to seeing "clean" Internet/websites, and get startled by the amount of adds/crap not blocked if I'm anywhere else where there is no web filtering in place.
    Some ppl don't care, many don't know anything we're talking about and doing here, and most don't have a clue to begin with.
     
    nodak67[QUOTED][OP] likes this.

Products Discussed in

To Top