Transforming a 2021 Honda Civic Type R into a Mobile Hacking Operating System
Introduction
The Wardriver project is a groundbreaking initiative that integrates advanced cybersecurity functionalities into modern automotive technology. This project successfully transformed a 2021 Honda Civic Type R into a fully operational mobile cybersecurity pentesting lab, capable of conducting penetration tests and security evaluations while on the move.
Why?
While everyone’s focus has been on AI for the last couple of years, I found it fascinating that the hardware in a vehicle's head unit is becoming more advanced and sophisticated, capable of having onboard WiFi and GPS. Since vehicles are considered a part of the Internet of Things (IoT), cybersecurity professionals often pentest these systems, showcasing vulnerabilities within the car's software and infrastructure. I stumbled upon an article in 2015 titled “Hackers Remotely Kill a Jeep on the Highway With Me in It”. While everyone is focused on hacking cars, why hasn’t anyone considered cars capable of hacking other cars or even broader penetration tests?
Theories/Mindset
Most vehicle head units and infotainment systems run off some version of Android. Termux and Kali NetHunter run on most Android-based systems, so if the hardware is compatible, it's theoretically possible, right? This is where I ran into issues with the factory head unit in the 2021 Honda Civic Type R.
I checked the compatibility of Termux and NetHunter with my factory head unit’s Android and kernel versions. This project would have been possible with the stock equipment back in 2021, but due to constant updates to Termux and NetHunter and lack of updates to Honda’s OEM head unit, the software was no longer compatible with the outdated hardware and software that came with the car. At this point, I hit a roadblock. The stock head unit is running Android version 4, and the kernel was also outdated. The next step was to look for updates for the stock head unit, but sadly, Honda hasn’t released any. Not only does this block the progress of the Wardriver Project, but it is a cybersecurity risk in itself. It was time to “Try Harder”.
Try Harder Mindset
Just because the project hit roadblocks due to hardware and software limitations doesn’t mean it was impossible. When going the factory hardware and software route failed, it was time to look beyond the conventional approach and explore aftermarket options. This project was about making a way where none seemed to exist, it was time to “Try Harder”.
Project Objectives
The objectives were to innovate with automotive technology by demonstrating the potential of modern vehicle infotainment systems to support advanced cybersecurity operations, install a functional mobile pentesting platform capable of performing security assessments on-the-go, and raise awareness about the importance of securing connected vehicles in an increasingly connected world.
Technology Stack
The vehicle used for this project is a 2021 Honda Civic Type R, equipped with a Joying 10.1-inch Android 12.0 Qualcomm Snapdragon Head Unit. The head unit is equipped with 8GB RAM and 128GB of internal storage. It’s also capable of 4G internet connection via a hotspot sim card and I can connect a hdmi cable to the head unit to connect an additional monitor. I was able to install Termux and Kali NetHunter, with tools including Nmap, Ncat, Aircrack-ng, and various other Kali NetHunter tools.
Implementation Details
The Joying 10.1-inch Android head unit was selected for it’s compatibility with modern Android applications and its powerful Qualcomm Snapdragon CPU. This head unit runs on Android 12, providing a robust and up-to-date platform for running complex applications like Termux and Kali NetHunter. The Snapdragon CPU is perfect for it’s high performance, which is essential for running intensive pentesting tools smoothly. Additionally, the head unit's large 10.1-inch display offers a user-friendly interface, crucial for navigating and operating Kali NetHunter effectively.
Selection of Head Unit & Installation:
The Joying head unit's compatibility with Android 12 and its Snapdragon CPU and its own dedicated GPU, 8GB RAM/128GB internal storage were key factors in its selection. This head unit provides the necessary computational power and up-to-date software environment to support Termux and Kali NetHunter, making it an ideal choice for this project. I had a local audio and tint shop install the head unit due to time constraints and risks of damaging the car. Their experience helped to mitigate these risks and complete the installation process in a timely manner.
Installing Termux:
Termux, a powerful terminal emulator for Android, was installed on the head unit directly from the Github repository. Termux provides a Linux environment on Android devices, making it an ideal base for installing Kali NetHunter. The installation process was simple and easy to navigate. The whole process took less than an hour.
Setting up Kali NetHunter:
Kali NetHunter, the mobile version of Kali Linux, was installed using Termux. NetHunter provides a comprehensive set of tools for penetration testing and security assessments. The setup process involved downloading the necessary packages, configuring the environment to run seamlessly on the Android-based head unit, and ensuring compatibility with the car’s infotainment system and other functionalities.
Testing and Validation:
Multiple tests were conducted to ensure the system's functionality. An Nmap scan was conducted to verify the system's ability to perform network reconnaissance. Other tools like Ncat and Aircrack-ng were tested on my personal home network to confirm their operational status within the car’s environment.
Results
The Wardriver project successfully demonstrated the capability to transform a modern vehicle into a mobile cybersecurity pentesting lab. Key achievements include the successful integration of Kali NetHunter, operational testing of various pentesting tools, and validation of the system's effectiveness. Additionally, the project showcased the ability to perform complex network scans and vulnerability assessments directly from the vehicle's head unit. This innovative approach not only highlights the potential for mobile cybersecurity operations but also emphasizes the importance of securing connected automotive systems. The project has paved the way for future research and development in automotive cybersecurity, setting a new pioneering standard for what's possible in the field.
Impact and Significance
The Wardriver project showcases the potential of modern automotive technology in cybersecurity operations. By integrating advanced tools into a vehicle, it emphasizes the need to secure connected cars against cyber threats. This innovative approach opens new possibilities, like automating attacks such as bluesnarfing and bluejacking while driving, highlighting the importance of protecting personal and corporate networks. The project also demonstrates the threat of wardriving, where a vehicle can map and exploit unsecured Wi-Fi networks. It shows how mobile environments pose evolving cyber threats, and how remote cybersecurity professionals can quickly assess vulnerabilities in diverse settings, like critical infrastructure or large events. However, it also points out the risks of such technology being misused by threat actors for unauthorized network access. The Wardriver project encourages further exploration of automotive and cybersecurity technologies, inspiring advancements in secure connected vehicles. Future developments could include robust encryption, AI integration, and collaborative security frameworks for sharing threat intelligence. With innovation and determination, it's possible to overcome challenges and drive forward new advancements in automotive cybersecurity. Let this project inspire you to pursue your own creative projects, push boundaries, and make a significant impact in your field.