Car-hacking researchers hope to wake up auto industry

Jul 26, 2013 by Rob Lever

Computer geeks already knew it was possible to hack into a car's computerized systems and potentially alter some electronic control functions.

But new research to be presented next week shows the vulnerabilities are greater and the potential for mischief worse than believed, in a wake-up call for the .

Chris Valasek, director of security intelligence for the security firm IOActive, and Charlie Miller, security engineer for Twitter, found these vulnerabilities in cars' on-, a mandatory feature on US vehicles since 1996.

They found that by accessing this device, which sits under the steering wheel, someone with a brief period of access, like a parking attendant, could hack the car and reprogram key safety features.

"We had full control of braking," Valasek told AFP in a telephone interview.

"We disengaged the brakes so if you were going slow and tried to press the brakes they wouldn't work. We could turn the headlamps on and off, honk the horn. We had control of many aspects of the automobile."

The pair, working with partial funding from the US government's Defense Advanced Research Projects Agency, also manipulated a vehicle's steering by hijacking the "park assist" feature which was designed only to move slowly in reverse.

"You would need a brief moment of physical access," Valasek said. "You could reprogram and untether from the car and the system."

While some earlier research focused on the potential to wirelessly gain control of some functions, Valasek said his project looked at overwriting the software code in the vehicles, with even more damaging consequences.

The research is to presented next week at Def Con, an annual gathering of hackers and security experts in Las Vegas.

The research is not the first to show the potential for hacking into car computer systems, which are becoming more ubiquitous as more vehicles add services connecting to the Internet or cellular phone networks, and some firms like Google are using self-driving automobiles.

A 2010 study by researchers from the University of Washington and University of California at San Diego demonstrated how an attacker could infiltrate virtually any electronic control unit (ECU) of a car and "leverage this ability to completely circumvent a broad array of safety-critical systems."

That study showed that the engine control devices initially designed for pollution reduction had been integrated into other aspects of a car's functioning and diagnostics.

And the US Department of Homeland Security issued an advisory in May warning of flaws in the wireless Bluetooth systems in some cars which could be exploited by an outsider to take control of some car functions.

Valasek said most cars on the road have a number of computers and "they all trust each other. As long as they are receiving information, they don't care who is sending it."

This highlights the need for more attention to cybersecurity in vehicle design, he said.

"We want an intelligent discussion on this," he said.

Valasek and Miller will be releasing full technical details of their research at Def Con.

"We hope people enjoy the presentation and take our tools and data and try to reproduce them and do their own research," he said.

"Although there is research on automobile security no one is releasing the data."

Valasek said there have been no real-life exploits of automobile hacking, but added that "we just don't know what could be done with this."

He said it is more complicated than hacking into a personal computer but that his latest research shows that "with a minimal number of people you can have results where you can control the car, and do things that are detrimental to safety."

Explore further: Greater safety and security at Europe's train stations

add to favorites email to friend print save as pdf

Related Stories

Beware of Hackers Controlling Your Automobile

May 18, 2010

(PhysOrg.com) -- A team of researchers led by Professor Stefan Savage from the University of California, San Diego and Tadayoshi Kohno from the University of Washington set out to see what it would take to ...

Can an MP3 hack your car?

Mar 18, 2011

(PhysOrg.com) -- The idea that someone can get into your car without your permission isn't a new one. It's about as old as the coat hanger, but that was back in the days when you locks had a pull up button. ...

McAfee warns of hacker threat to autos

Sep 07, 2011

Cars made smarter with Internet technology are zooming into perilous hacker territory, according to a report by US computer security giant McAfee.

'Hello car, what is the password?'

Mar 01, 2013

As cars get clever - bristling with computer chips and networking capabilities - an EU-funded project makes sure that your car's data stays safe and the networks are secure from hackers and tampering.

Safety needs higher priority for young drivers

Jul 25, 2013

Safer cars should take a higher priority when buying a vehicle for young drivers and allocating car use within families, according to University of Adelaide automotive safety researchers.

Recommended for you

Greater safety and security at Europe's train stations

15 hours ago

When a suspicious individual fleas on a bus or by train, then things usually get tough for the police. This is because the security systems of the various transportation companies and security services are ...

Fingerprints for freight items

16 hours ago

Security is a top priority in air freight logistics but screening procedures can be very time consuming and costly. Fraunhofer researchers intend to boost efficiency with a new approach to digital logistics, ...

On the way to a safe and secure smart home

16 hours ago

A growing number of household operations can be managed via the Internet. Today's "Smart Home" promises efficient building management. But often the systems are not secure and can only be retrofitted at great ...

DIY glove-based tutor indicates muscle-memory potential

Aug 31, 2014

A senior editor at IEEE Spectrum worked on a DIY project that enabled his 11-year-old son to improve his touch typing by use of a vibrating glove. His son was already "pretty quick on the keyboard," said ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

alfie_null
not rated yet Jul 26, 2013
Subsystems on cars come from multiple sources. Ensuring they are all free of lurking malware must be a real headache. Even if an infected subsystem can't spread its malware, there are likely many opportunities to adversely affect communication over the vehicle's network (e.g. canbus).
Skepticus
1 / 5 (1) Jul 27, 2013
I am all for the introduction of autonomous, or self driving vehicles - as long as there is a mandatory mechanical back up system to shut the engine and the steering assist motor down completely, and a backup manual hydraulic-assisted brake system, no matter what the control computers can say or do!