Tech by VICE

Hack Makes Car Tweet Its Mileage and More

Not all car hacking is about killing people.

by Joseph Cox
Nov 28 2015, 7:00pm

Photo: Car leasing made simple/Flickr

When someone mentions 'car hacking', your mind is likely filed with images of Google's self-driving cars going on a malware-induced riot, or researchers remotely cutting the ignition to a jeep while casually sitting on their sofas.

But car hacking isn't all about identifying vulnerabilities so they can be fixed: Other researchers are making usability improvements too. Terence Eden, a senior product manager from O2 UK, has managed to get his BMW i3 electric car to tweet stats about itself, such as the distance it has traveled, its fuel efficiency, and more.

The process comes in several different stages. First, Eden installed Packet Capture, a piece of software used to intercept communications between devices. Eden used this to snoop on the messages being sent from his Android phone running the official i Remote App to his BMW. The i Remote App is a companion piece of software for the company's cars, and allows a user to control different features of their vehicle, such as unlocking the doors or honking the horn.

Although some of the app's features are interesting, it is "slow, ugly, and a pain to use," Eden writes on his blog. So, by capturing the commands sent by the app, Eden reverse engineered his own interface for interacting with the BMW.

Armed with this, Eden was able to pick out all sorts of details about his car, including the battery level of the vehicle, the traveled distance, and information about its destination.

From here, it's possible to start sending commands to the car in whatever way you see fit.

"Your app communicates with the API, the API then communicates with the car's 3G modem, then you have to wait for a response," Eden writes.

In Eden's case, he has set up a Twitter account posting updates on behalf of his BMW. Most of these include basic information about the car's usage.

"It would be lovely if BMW decided to open up an official API so that people could fiddle with their cars," Eden adds. "The API seems secure and there's limited scope for damaging the vehicles."