It wasn’t too surprising when scientists first hacked into a car using its own onboard diagnostic port—sure, it’s easy to get into a car’s electronic brain if you’re already inside the car. Now the science of car-hacking has received a digital upgrade: Researchers have gained access to modern, electronics-riddled cars from the outside. And in so doing, they’ve managed to take control of a car’s door locks, dashboard displays, and even its brakes.
The oddest part of these findings, which were presented this week to the National Academy of Science’s Committee on Electronic Vehicle Controls and Unintended Acceleration, is that they weren’t entirely intentional: It was all part of an investigation prompted by the Toyota acceleration problems, and was meant to probe the safety of electronic automotive systems. But testing those systems’ safety also uncovered some flaws.
How It Works
The researchers took a 2009 sedan (they declined to identify the make and embarrass the manufacturer) and methodically tried to hack into it using every trick they could think of. They discovered a couple of good ones.
By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this song could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. “It’s hard to think of something more innocuous than a song,” said Stefan Savage, a professor at the University of California. [PC World]
Built-in cellular services that provide safety and navigational assistance, like GM’s OnStar, can also be used to upload malicious code:
The researchers found that they could take control of this system by breaking through its authentication system. First, they made about 130 calls to the car to gain access, and then they uploaded code using 14 seconds of audio. [Technology Review]
In the wrong hands, the technology could certainly be harmful; once a hacker gains access, they can do anything from sabotaging brakes to monitoring car movements (by forcing the car to send GPS signals). But the engineers say the “wrong” hands wouldn’t have the know-how to undertake these complicated procedures—at least for now. As Stefan Savage, a computer scientist at the University of California, San Diego, told Technology Review: “This took 10 researchers two years to accomplish. It’s not something that one guy is going to do in his garage.”
Image: Courtesy Center for Automotive Embedded Systems Security