VESC safety issues → no PW?

Linesflag · October 14, 2021, 3:48pm

So I was thinking… If you get near to someone with a board, you can theoretically just connect with the VESC tool app and just completely mess up their settings, without them even realizing it until its too late, right? That seems really dangerous, even my 20$ smart BMS lets you set a password you have to enter before you can change any settings.

b264 · October 14, 2021, 3:56pm

That’s what the pairing is for.

You can log your own hardware UUID from VESC Tool and then if you “pair it” you won’t be able to connect wirelessly with any other device except your phone or computer, without entering the UUID as the password.

b264 · October 14, 2021, 3:57pm

In general, until / unless VESC hacking becomes a thing, it seems more a problem than a solution, as I’ve accidentally locked myself out by not knowing my UUIDs before and nobody knows to log that stuff ahead of time.

Linesflag · October 14, 2021, 4:06pm

damn I didn’t even think of that, time to write my UUIDs down.

b264 · October 14, 2021, 4:10pm

You can still connect via wire (USB for example) if the pairing flag is set and you use a foreign device.

rpasichnyk · October 14, 2021, 7:46pm

I always thought that pairing_done flag in VESC Tool does not give any protection. If I remove following lines of code and compile VESC Tool, I can still connect and change settings, right?

github.com

vedderb/vesc_tool/blob/dev_ver_3_01/vescinterface.cpp#L3099-L3112

    
      
          #ifdef HAS_BLUETOOTH
              if (mBleUart->isConnected()) {
                  if (params.isPaired && !hasPairedUuid(mUuidStr)) {
                      disconnectPort();
                      emitMessageDialog("Pairing",
                                        "This VESC is not paired to your local version of VESC Tool. You can either "
                                        "add the UUID to the pairing list manually, or connect over USB and set the app "
                                        "pairing flag to false for this VESC. Then you can pair to this version of VESC "
                                        "tool, or leave the VESC unpaired.",
                                        false, false);
                      return;
                  }
              }
          #endif

b264 · October 14, 2021, 7:53pm

It seems to give light protection against casual pranksters, but not any against dedicated bad actors.

Kind of like a lock on a chainlink fence gate that can be jumped over if desired. The drunk guy walking by on the sidewalk probably isn’t going open it and run inside. The guy whose wife you fucked last week will definitely be able to get inside.

Linesflag · October 14, 2021, 8:26pm

lmao

I think asking for a PW and encrypting said PW isn’t too much work, is it?

xsynatic · October 14, 2021, 8:27pm

I would love having to enter a password, even when connecting via USB.

Avi · October 15, 2021, 3:37pm

No, that’s a lot of work.
A password alone is a little less work, but still not trivial.
Getting support for a new secure handshake, and exchange protocol in every Bluetooth client is even more work.

As a rule of thumb doing security right is always a lot of work.
Of course you can always take shortcuts, but then you’ve only achieved security theater.

JReuben · February 27, 2024, 9:25pm

I have been thinking about this for a while and finally decided to do some research. awesome question!

Soflo · February 27, 2024, 11:03pm

It’s really easy to capture a uuid and bypass this. Float control app for iphone makes it very easy. I would not rely on this at all.

lidocaineus · February 28, 2024, 12:17am

If you’re paranoid, you can disconnect the bluetooth module or disable it. Now you need physical access to the USB port.

Alternatively, Metr modules have a required pairing code.