Hackers take over car in chilling real-world demo

BY BARRY PARK | 29th Jul 2013


COMPUTER hackers will demonstrate to the world next month how they are able to take over a car’s electronic network and play around with its settings – including disabling the brakes.

Chris Valasek, the director of security intelligence at US-based computing security group IOActive and Charlie Miller, a security engineer at social media company Twitter, will present a paper early next month at an international meeting of hackers showing how they were able to take control of a car.

“Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality,” the briefing for the August 1 DefCon convention in Las Vegas says.

“This presentation will examine some controls in two modern automobiles from a security researcher's point of view.

“We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus.

“Secondly, we will demo software to show how data can be read and written to the CAN bus.

“Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering.

“Finally, we'll discuss aspects of reading and modifying the firmware of ECUs installed in today's modern automobile.” Cars such as Holden’s Commodore large car, which last month launched with a radical overhaul of its electronics system, can have as many as 40 to 60 separate microcomputers in them running everything from the radio to the air-conditioning, brakes and even the steering.

However, they are also increasingly connecting to the internet via mobile phone systems, giving hackers an opportunity to get inside the car’s electronics and play around with the settings.

US magazine Forbes met with Mr Valasek and Mr Miller to see what was possible once a hacker was inside the car’s electronic network.

Journalist Andy Greenberg attempted to drive a hacked Toyota Prius and a similarly hijacked Ford Escape. While he was driving, the pair was able to tweak the steering, jump on the brakes, disable them, sound the horn, jerk on the seatbelts, play with the fuel gauge and play around with the car’s digital speedo.

Car-makers have been connecting cars to the internet for almost a decade. French car-maker Citroen was the first to introduce a wired-in car in Australia with its flagship second-generation C5 five-door hatchback.

Technicians could plug the car into a computer network overnight and have Citroen’s French workforce diagnose and tweak the car’s software.

DefCon, an annual conference focussing on computer security, runs from August 1.

Read more

US takes fight to car hackers
BMW to offer helping hand to hackers
Ford announces app hack cash grab
Full Site
Back to Top

Main site

Researching

GoAutoMedia