September 5, 2013
Any hacker can unlock computerized cars and drive away with your vehicle.
Rich Mogull, CEO of Securosis, a security research firm, explained : “The more technology they add to the vehicle, the more opportunities there are for that to be abused for nefarious purposes. Anything with a computer chip in it is vulnerable, history keeps showing us.”
Computers control steering, braking, acceleration and shifting; as well as gas pedals with positioned electronic sensors.
Last July, Hackers Chris Valasek and Charlie Miller have demonstrated from the backseat of a Toyota Prius that all you need is a Macbook and a USB cable in order to hack into a computer-controlled car.
Valasek is the director of security intelligence for IOActive and Miller is a security engineer for Twitter.
These two security researchers showed that they can turn off the breaks, for example, even if the driver is at the helm.
Using a grant from the Defense Advanced Research Projects Agency (DARPA), Miller and Valasek have been researching computerized car vulnerabilities since 2012 and displayed their findings at DEF CON, a hacker’s conference in Las Vegas.
Miller asserted that they “had full control of braking” and that they “disengaged the brakes so if you were going slow and tried to press the brakes they wouldn’t work. We could turn the headlamps on and off, honk the horn. We had control of many aspects of the automobile.”
A hacker could gain control over more than the breaking system:
• Turn off power to the steering
• Have the onboard GPS give incorrect directions
• Change the numbers on the speedometer
• Force the car to change direction
Miller explained: “At the moment there are people who are in the know, there are nay-sayers who don’t believe it’s important, and there are others saying it’s common knowledge but right now there’s not much data out there. We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars.”
In 2010, teams from the University of Washington (UW) and the University of California (UC) were able to breach the computer systems of cars using cellular phone connections, Bluetooth headsets and a CD.
Computerized cars “contain cellular connections and Bluetooth wireless technology” that could be tapped into remotely and used to take over the controls of the vehicle, listen into the conversations taking place in the cab of the car and completely compromise the safety of the vehicle.
Because computer connections to cars are virtually indistinguishable from internet-connected computers, their propensity toward vulnerabilities from outside influences are similar.
Using an On-Star navigation unit, a hacker could utilize the controls a remote technician at the GPS corporation’s on-call center because they are fully capable of controlling a vehicle in the event of an accident or call from a customer.