===== Intro ===== Comma is a company that makes open source driver assist technology for automobiles. Openpilot is the brains of the comma two device. You can choose to give your car a “software upgrade” to perform automated functions better. It utilizes or improves upon the experience of Adaptive Cruise Control, Automated Lane Centering, Forward Collision Warning and Lane Departure Warning while also adding Driver Monitoring as a safety feature. This competes with the likes of Tesla Autopilot and GM Super Cruise, except that it’s open source software. Openpilot deploys a bunch of local services written in Python to facilitate data going from the car to Comma devices and visa-versa. To get an in-depth view of how this works, refer to https://desosa.nl/projects/openpilot/2020/03/11/from-vision-to-architecture.html for a more complete explanation and design diagram. After evaluating and testing various local and remote attack vectors on the system, mostly around device permissions, hardening core processes and SSH access to the device, the product seemed pretty solid. A few security suggestions were shared with the dev team and changes were made by the dev team, see the Fixes section below for more details. ======= Details ======= See https://i.haxx.cc/2021/01/25/who-wants-to-drive/ for a full walkthrough. openpilot-scan.sh was created to check for devices on your local network that allow login with the default SSH key. -> https://packetstormsecurity.com/files/160735/Openpilot-Default-SSH-Key-Scanner.html ===== Fixes ===== - Device permissions -- https://github.com/commaai/openpilot/pull/21922/commits/56114a9db7360e8ab13393d1a5de83fde30e28da - Processes running as non-root -- "Openpilot can now mostly run as a non-privileged user" - SSH key -- "We removed the default SSH key in the latest NEOS update and SSH is now turned off by default. We require the user to turn this on manually now and can only be used with their public keys from their github." - Warning for URLs other than Openpilot official -- WONTFIX