Car hackers can kill brakes, engine, and more

Researchers have taken a look at the onboard systems of today's cars and found serious security problems

University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results.

In a paper set to be presented at a security conference in Oakland, California, next week, the security researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car.

In a late 2009 demonstration at a decommissioned airfield in Blaine, Washington, they hacked into a test car's electronic braking system and prevented a test driver from braking a moving car -- no matter how hard he pressed on the brakes. In other tests, they were able to kill the engine, falsify the speedometer reading, and automatically lock the car's brakes unevenly, a maneuver that could destabilize a car traveling at high speeds. They ran their test by plugging a laptop into the car's diagnostic system and then controlling that computer wirelessly, from a laptop in a vehicle riding next to the car.

The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems.

"We think this is an industry issue," said Stefan Savage, an associate professor with the University of California, San Diego.

He and co-researcher Tadayoshi Kohno of the University of Washington describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern.

"If there's no action taken on the part of all the relevant stakeholders, then I think there might be a reason to be concerned," Kohno said. Neither he nor Savage would name the maker of the car they conducted their tests on. They don't want to single out any one auto-maker, they said.

That probably comes as a relief to whoever made the car the researchers probed, as they found it pretty easy to hack.

"In starting this project we expected to spend significant effort reverse-engineering, with non-trivial effort to identify and exploit each subtle vulnerability," they write in their paper. "However, we found existing automotive systems—at least those we tested—to be tremendously fragile."

To hack the cars, they needed to learn about the Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built starting in 2008. They developed a program called CarShark that listens in on CAN traffic as it's sent about the onboard network, and then built ways to add their own network packets.
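A defender's view of the packet injection described above, as an added example that is not from the paper or from CarShark: when the legitimate module keeps sending its periodic frames, injected frames appear as an ID arriving faster than its learned period, or as an ID never seen in a clean capture. The logs use candump's `-L` text format; every ID, payload, timing and function name here is constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed captures (candump -L style); IDs, payloads and timings are made up.
CLEAN_LOG = """\
(0.000) can0 0C4#1122
(0.002) can0 1A0#00
(0.010) can0 0C4#1122
(0.020) can0 0C4#1122
(0.022) can0 1A0#00
"""
LIVE_LOG = """\
(1.000) can0 0C4#1122
(1.002) can0 1A0#00
(1.010) can0 0C4#1122
(1.013) can0 0C4#FFFF
(1.020) can0 0C4#1122
(1.025) can0 3E8#0201
"""
FRAME = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

def parse(log):
    """Yield (timestamp, arbitration_id, payload_hex) for each well-formed line."""
    for line in log.splitlines():
        m = FRAME.match(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(2), 16), m.group(3).upper()

def learn_periods(clean_log):
    """Median inter-arrival time per ID, taken from a known-good capture."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in parse(clean_log):
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: median(g) for cid, g in gaps.items()}

def find_anomalies(log, periods, tolerance=0.5):
    """Flag IDs absent from the baseline and frames arriving too soon."""
    last, alerts = {}, []
    for ts, can_id, _ in parse(log):
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last and ts - last[can_id] < tolerance * periods[can_id]:
            alerts.append((ts, can_id, "too-fast"))
        last[can_id] = ts
    return alerts
```

Running `find_anomalies(LIVE_LOG, learn_periods(CLEAN_LOG))` flags the extra `0C4` frame at 1.013 and the never-seen `3E8` frame at 1.025.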

Step-by-step, they figured out how to take over computer-controlled car systems: the radio, instrument panel, engine, brakes, heating and air conditioning, and even the body controller system, used to pop the trunk, open windows, lock doors and toot the horn.

They developed a lot of attacks using a technique called "fuzzing" -- where they simply spit a large number of random packets at a component and see what happens.

"The computer control is essential to a lot of the safety features that we depend on," Savage said. "When you expose those same computers to an attack, you can have very surprising results, such as you put your foot down on a brake pedal and it doesn't stop."

Another discovery: although industry standards say that onboard systems are supposed to be protected against unauthorized firmware updates, the researchers found that they could change the firmware on some systems without any sort of authentication.

In one attack that the researchers call "Self-destruct," they launch a 60-second countdown on the driver's dashboard that's accompanied by a clicking noise, and then warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown.

Hacking a car isn't for the faint-hearted. At several points the team worried it might have come close to permanently damaging the two identical-make cars it experimented with, but that never happened, Kohno said. "You really don't want software to accidentally change critical parts of the transmission," he said.

Robert McMillan can be reached at robert_mcmillan@idg.com. He is on Twitter at: http://twitter.com/bobmcmillan

Robert McMillan

IDG News Service