Researchers have taken a look at the onboard systems of today's cars and found serious security problems
Nothing like the feeling of hitting the open road... in a hacked car. Researchers say this part of the experiment was frightening. While a test driver piloted the hacked car (right) on an abandoned airfield, researchers in this white vehicle gave chase, issuing different commands to an on-board laptop via wireless. They could pop the trunk, hit the brakes, kill the engine and lights, and turn on the horn.
A look at the CarShark user interface. Inspired by the WireShark software, used to sniff a PC network, CarShark can monitor and attack systems on a car's Controller Area Network (CAN).
Researchers at the University of Washington and the University of California, San Diego, have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car. For much of their testing, they simply put the test-car on blocks, pictured here.
A look at how the researchers connected their laptop to the car's diagnostic system . In this set up, the laptop is running a custom network sniffing and attack tool called CarShark. It connects via a standard OBD-II port, (On-Board Diagnostics) found under the dashboard of most late-model cars.
A look at the computer lab setup. Here, researchers have hooked up an Elecgtronic Brake Control Module to a power supply, an oscilloscope and a converter that transmits the on-board diagnostic system protocal (called Controller Area Network) signals via USB. Example bench setup within our lab. The Electronic Brake Control Module (ECBM) is hooked up to a power supply, a CAN-to-USB converter, and an oscilloscope.
Pwned by CarShark at 140 MPH. Researchers were able to hack into the dashboard and add their own text. They could also make the system give false speedometer readings.
Don’t have an account? Sign up here
Don't have an account? Sign up now