Latest Car News and Tips

Researcher Uses Laptop To Hack A Car

Researcher Uses Laptop To Hack A Car

Jul 26, 2013

Charlie Miller and Chris Valasek are two security experts who research about the security issues around the increasing dependence of automobiles with computers. What were their findings? Well, for starters, they successfully proved that using only a run-of-the-mill laptop, they can hack and take control of a car even while someone else was driving it.

Their research was funded by DARPA, the Pentagon’s research arm, and aims to raise the awareness of both the general public and the car manufacturers about the existence of such issues and how to go about it in the near future.

Using a 2010 Ford Escape and a Toyota Prius, the duo used cables to connect their gear to a car’s onboard ECU or electronic control unit. The ECU is part of the computer network that controls many of today’s modern car functionalities such as acceleration, braking, steering and displays. They then wrote a computer program that sent instructions directly to the car’s computer and automatically over-rode any commands or actions from the actual driver.

They filmed themselves while successfully steering a car from left to right, activating the brakes and overriding the fuel gauge from full to zero, all while the car is in motion under a driver’s control. In an interview with the BBC, a spokesperson from Toyota comments that because the researchers’ hardware had to be physically connected inside the Prius, it should not be considered as “hacking”, and as such, should not be considered a huge security threat. According to him,

“Altered control can only be made when the device is connected. After it is disconnected the car functions normally. We don’t consider that to be ‘hacking’ in the sense of creating unexpected behavior, because the device must be connected – ie the control system of the car physically altered. The presence of a laptop or other device connected to the OBD [on board diagnostics] II port would be apparent.”

However, Miller and Valasek reiterates that whether what they did was actually hacking or not is besides the point, as the point of their research is to see and understand how much control one could gain once somebody has gained control, regardless of the means, into a car’s electronics and computers.

And according to their findings, the reality is quite scary, as the cars appeared to to not acknowledge the address from where a command was being sent, only the instruction itself, thus enabling the two to accomplish what they have done with the Prius and the Escape.

Of course, both Toyota and Ford are not pleased with the two’s research. According to both manufacturers, they have heavily invested in R&D to ensure that their products employ security systems that are robust and reliable. In an interview, Toyota said,

“Our focus, and that of the entire automotive industry, is to prevent hacking into a vehicle’s by-wire control system from a remote/wireless device outside of the vehicle.Toyota has developed very strict and effective firewall technology against such remote and wireless services. We continue to try to hack our systems and have a considerable investment in state of the art electro-magnetic R&D facilities. We believe our systems are robust and secure.”

As for Ford, a company spokesman said,

“This particular attack was not performed remotely over-the-air, but as a highly aggressive direct physical manipulation of one vehicle over an elongated period of time, which would not be a risk to customers on any mass level,” it said in a statement. The safety, privacy, and security of our customers is and always will be paramount.”

Mr Miller and Mr Valasek intend to make their research openly available once they successfully present it at Defconin Las Vegas slated this coming August.

Source: BBC