Forget Car-Jacking: Car-Hacking Is the Crime of the Future

By Andrew Moseman | May 18, 2010 1:42 pm

CarSharkSticking accelerator pedals were just the beginning. Soon you might lose control of your car not because of a technical failure, but because someone hacked into it from afar.

Tomorrow at a security conference in California, Stefan Savage and his team will present their research showing how they used the computer systems that oversee different systems in a car to break in and take control—braking and accelerating against the driver’s will.

The researchers concentrated their attacks on the electronic control units (ECUs) scattered throughout modern vehicles which oversee the workings of many car components. It is thought that modern vehicles have about 100 megabytes of binary code spread across up to 70 ECUs [BBC News].

The software Savage’s team created, called CarShark, took advantage of the fact that ECUs must communicate between different systems. Electronic Stability Control, for instance, must talk to the brakes, accelerators, and wheels; Active Cruise Control and systems that parallel park the car for you also rely on communication across many systems. The team inserted fake packets of data into the lines of communication to seize control of a car, Savage says.

He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they’ve worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim’s car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow’s cars, they see some serious areas for concern [BusinessWeek].

Savage said he and his team wanted to get a head start on the problem of car-hacking, which is sure to arise when hackers get the chance, especially with more wireless access. In small ways it has already started: A couple of months ago an Austin, Texas, man who was fired by a car dealership broke into the remote system that the dealer used to torment people who were delinquent on their payments by honking the horn or otherwise annoying them. About 100 people found their cars inoperable, or honking like mad, after his hack.

The researchers said they did not address the question of the defenses the cars might have against remote access, but said the experience of the PC industry, which did not have extensive security problems until computers became networked, was worth remembering. “To be fair, you should expect that various entry points in the automotive environment are no more secure in the automotive environment than they are in your PC,” Mr. Savage said [The New York Times].

Car companies should probably address this issue before they offer us the networked “road trains” of the future.

Related Content:
80beats: Reports: Chinese Hackers Stole Indian Missile Secrets & the Dalai Lama’s E-mail
80beats: Massive Spanish Botnet Busted, But Hacker Mastermind Remains Unknown
80beats: Code Protecting 80 Percent of Cellphone Convos Finally Cracked
80beats: In the Commute of the Future, Drivers Can Let a Pro Take the Wheel

Image: Savage et. al.

CATEGORIZED UNDER: Technology
  • http://NadaNada.com Lee Johnson

    Couldn’t I just disconnect the antenna so my car couldn’t get hacked. I have on star in my car but I refuse to pay $16 a month for the service so maybe I better find the antenna and break the connection. Or maybe I just pull the fuse. Where do I find out where to do this.

  • Andy D.

    Lee,

    It would take a lot more than disconnecting the antenna. The antenna on your car is (normally) only going to receive AM/FM and/or XM signals. If the antenna “talks” to the ECU I suppose it would be a theoretical possibility to gain access to the vehicle through that, but I doubt there is any connection.

    The year/make/model of you vehicle is what will determine your risk factor for what the author is talking about. Most vehicles today do not have any sort of WiFi capability (the technology is out there, it’s just not available on most vehicles) which would mean the hacker would have to install some sort of device onto your vehicle, my guess would be through the OBD-II port usually found by the drivers left knee.

    In short, I wouldn’t worry about it ;)

    Thanks,
    Andy

NEW ON DISCOVER
OPEN
CITIZEN SCIENCE
ADVERTISEMENT

Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!

80beats

80beats is DISCOVER's news aggregator, weaving together the choicest tidbits from the best articles covering the day's most compelling topics.
ADVERTISEMENT

See More

ADVERTISEMENT
Collapse bottom bar
+

Login to your Account

X
E-mail address:
Password:
Remember me
Forgot your password?
No problem. Click here to have it e-mailed to you.

Not Registered Yet?

Register now for FREE. Registration only takes a few minutes to complete. Register now »