Engineers Can Now Wirelessly Hack Your Car

By Patrick Morgan | March 16, 2011 4:11 pm

It wasn’t too surprising when scientists first hacked into a car using its own onboard diagnostic port—sure, it’s easy to get into a car’s electronic brain if you’re already inside the car. Now the science of car-hacking has received a digital upgrade: Researchers have have gained access to modern, electronics-riddled cars from the outside. And in so doing, they’ve managed to take control of a car’s door locks, dashboard displays, and even its brakes.

The oddest part of these findings, which were presented this week to the National Academy of Science’s Committee on Electronic Vehicle Controls and Unintended Acceleration, is that they weren’t entirely intentional: It was all part of an investigation prompted by the Toyota acceleration problems, and was meant to probe the safety of electronic automotive systems. But testing those system’s safety also uncovered some flaws.

How It Works

The researchers took a 2009 sedan (they declined to identify the make and embarrass the manufacturer) and methodically tried to hack into it using every trick they could think of. They discovered a couple good ones.

By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this song could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. “It’s hard to think of something more innocuous than a song,” said Stefan Savage, a professor at the University of California. [PC World]

Built-in cellular services that provide safety and navigational assistance, like GM’s OnStar, can also be used to upload malicious code:

The researchers found that they could take control of this system by breaking through its authentication system. First, they made about 130 calls to the car to gain access, and then they uploaded code using 14 seconds of audio. [Technology Review]

In the wrong hands, the technology could certainly be harmful; once a hacker gains access, they can do anything from sabotage brakes to monitor car movements (by forcing the car to send GPS signals). But the engineers say the “wrong” hands wouldn’t have the know-how to undertake these complicated procedures—at least for now. As Stefan Savage, a computer scientist at the University of California, San Diego, told Technology Review: “This took 10 researchers two years to accomplish,” Savage adds. “It’s not something that one guy is going to do in his garage.”

Related Content:
DISCOVER: 20 Things You Didn’t Know About… Computer Hacking
80beats: Is the U.S. Government Losing the Battle Against Hackers?
80beats: The Latest Threat to the Amazon Rainforest: Hackers
80beats: Forget Car-Jacking: Car-Hacking Is the Crime of the Future

Image: Courtesy Center for Automotive Embedded Systems Security

CATEGORIZED UNDER: Technology
ADVERTISEMENT
NEW ON DISCOVER
OPEN
CITIZEN SCIENCE
ADVERTISEMENT

Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!

80beats

80beats is DISCOVER's news aggregator, weaving together the choicest tidbits from the best articles covering the day's most compelling topics.
ADVERTISEMENT

See More

ADVERTISEMENT
Collapse bottom bar
+