Publications
Partners
As cars become more reliant on computers what's to stop a hacker taking control of yours? Not a lot, it seems... Read how tech-savvy thieves can unlock a car, steer it, even shut down the engine, from a laptop or cellphone!
DETROIT, Michigan - As cars become more like computers on wheels what's to stop a hacker taking control of yours?
In recent demonstrations hackers have shown they can slam on a car's brakes at freeway speeds, jerk the steering wheel and even shut down the engine - all from a laptop.
The hackers are publicising their work to reveal the vulnerability of a growing number of vehicle computers. All cars and trucks contain anywhere from 20 to 70 computers to control everything from brakes, acceleration to the windows and they're connected to an internal network.
TAKING CONTROL… WITH A PHONE
Hackers can find their way into these intricate networks. In one case a team manipulated two cars by plugging a laptop into a port beneath the facia, the same port technicians use to diagnose problems. Another group took control of a vehicle with a cellphone by using a Bluetooth connection, the CD player and even the tyre-pressure monitors.
The hackers involved were well-intentioned computer security experts and it took both groups months to break into the computers. There have been no real-world cases of a hacker taking remote control of a vehicle but experts believe high-tech hijackings will become easier as automakers equip vehicles with internet access and add computer-controlled safety devices.
CEO of Phoenix-based Securosis, Rich Mogull, said: "The more technology they add to the vehicle, the more opportunities there are for abuse. Anything with a computer chip in it is vulnerable."
Through the 25 years to 2013 automakers have gradually computerised functions such as steering, braking, accelerating and gear-shifting. Electronic accelerator pedal position sensors, for instance, are more reliable than the old cables. Electronic parts also reduce weight and fuel consumption.
The networks of mini-computers in today's cars are fertile ground for hackers. A security engineer for Twitter, Charlie Miller, and fellow-hacker Chris Valasek, director of intelligence at a Pittsburgh computer security consulting firm, maneuvered their way into the systems of a 2010 Toyota Prius and 2010 Ford Escape through a port used by mechanics.
‘WE COULD CONTROL STEERING, BRAKES…’
Valasek said: "We could control steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, fuel gauge." To be fair to automakers, the pair used a federal grant to expose the vehicles' vulnerability - and it took them nine months to get in.
Valasek and Miller released a report, including instructions on how to break into the cars' networks, at a hackers' convention in August 2013 "to draw attention to the problems and get automakers to fix them". The pair said automakers haven't added security to the ports.
Ford wouldn't comment other than to make a statement saying it takes security seriously and that Miller and Valasek needed physical access to the cars to hack in.
Toyota said it has added security and continually tested its products to stay ahead of hackers. Its computers were programmed to recognise rogue commands and reject them.
In 2011 researchers at Washington and San Diego universities did more extensive work, hacking their way into a 2009 midsize car through its cellular, Bluetooth and other wireless connections - even the CD player.
Stefan Savage, a University of California computer science professor, said he and other researchers could control most things, but not the steering.
‘WE COULD’VE KILLED THE ENGINE’
He added: "We could have turned off the brakes. We could have killed the engine. We could have engaged the brakes."
Savage wouldn't identify the car's brand but two people with knowledge of the work said it was from General Motors and the researchers compromised its OnStar safety system, best known for using cellular technology to check on customers and call for help in a crash.
GM wouldn't comment on the research but the company issued a statement saying it took security seriously and was putting strategies in place to reduce risk.
Savage didn't think common criminals would be able to electronically seize control of a car anytime soon. It would take too much time, expertise, money and hard work. "You're talking about a rarefied group with the resources and wherewithal."
Instead, he believed basic theft was a more likely consequence of computerisation, with criminals able to unlock doors remotely and then start and drive the car by hacking through the diagnostic port.
Remote door-unlocking could also lead to theft of packages, phones and other items left in a car.
DETROIT, Michigan - As cars become more like computers on wheels what's to stop a hacker taking control of yours?
In recent demonstrations hackers have shown they can slam on a car's brakes at freeway speeds, jerk the steering wheel and even shut down the engine - all from a laptop.
The hackers are publicising their work to reveal the vulnerability of a growing number of vehicle computers. All cars and trucks contain anywhere from 20 to 70 computers to control everything from brakes, acceleration to the windows and they're connected to an internal network.
TAKING CONTROL… WITH A PHONE
Hackers can find their way into these intricate networks. In one case a team manipulated two cars by plugging a laptop into a port beneath the facia, the same port technicians use to diagnose problems. Another group took control of a vehicle with a cellphone by using a Bluetooth connection, the CD player and even the tyre-pressure monitors.
The hackers involved were well-intentioned computer security experts and it took both groups months to break into the computers. There have been no real-world cases of a hacker taking remote control of a vehicle but experts believe high-tech hijackings will become easier as automakers equip vehicles with internet access and add computer-controlled safety devices.
CEO of Phoenix-based Securosis, Rich Mogull, said: "The more technology they add to the vehicle, the more opportunities there are for abuse. Anything with a computer chip in it is vulnerable."
Through the 25 years to 2013 automakers have gradually computerised functions such as steering, braking, accelerating and gear-shifting. Electronic accelerator pedal position sensors, for instance, are more reliable than the old cables. Electronic parts also reduce weight and fuel consumption.
The networks of mini-computers in today's cars are fertile ground for hackers. A security engineer for Twitter, Charlie Miller, and fellow-hacker Chris Valasek, director of intelligence at a Pittsburgh computer security consulting firm, maneuvered their way into the systems of a 2010 Toyota Prius and 2010 Ford Escape through a port used by mechanics.
‘WE COULD CONTROL STEERING, BRAKES…’
Valasek said: "We could control steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, fuel gauge." To be fair to automakers, the pair used a federal grant to expose the vehicles' vulnerability - and it took them nine months to get in.
Valasek and Miller released a report, including instructions on how to break into the cars' networks, at a hackers' convention in August 2013 "to draw attention to the problems and get automakers to fix them". The pair said automakers haven't added security to the ports.
Ford wouldn't comment other than to make a statement saying it takes security seriously and that Miller and Valasek needed physical access to the cars to hack in.
Toyota said it has added security and continually tested its products to stay ahead of hackers. Its computers were programmed to recognise rogue commands and reject them.
In 2011 researchers at Washington and San Diego universities did more extensive work, hacking their way into a 2009 midsize car through its cellular, Bluetooth and other wireless connections - even the CD player.
Stefan Savage, a University of California computer science professor, said he and other researchers could control most things, but not the steering.
‘WE COULD’VE KILLED THE ENGINE’
He added: "We could have turned off the brakes. We could have killed the engine. We could have engaged the brakes."
Savage wouldn't identify the car's brand but two people with knowledge of the work said it was from General Motors and the researchers compromised its OnStar safety system, best known for using cellular technology to check on customers and call for help in a crash.
GM wouldn't comment on the research but the company issued a statement saying it took security seriously and was putting strategies in place to reduce risk.
Savage didn't think common criminals would be able to electronically seize control of a car anytime soon. It would take too much time, expertise, money and hard work. "You're talking about a rarefied group with the resources and wherewithal."
Instead, he believed basic theft was a more likely consequence of computerisation, with criminals able to unlock doors remotely and then start and drive the car by hacking through the diagnostic port.
Remote door-unlocking could also lead to theft of packages, phones and other items left in a car.
