By on March 11, 2011

A year ago we reported on a study by the Center for Automotive Embedded Systems Security, which showed that the proliferation of eletronics systems in modern auomobiles left them vulnerable to hacks through the OBD-II port, leading to such scary lessons as

Much to our surprise, significant attacks do not require a complete understanding or reverse-engineering of even a single component of the car.

But, the results of that study were dependent on gaining physical access to a car’s OBD port. This year, the UC San Diego and University of Washington academics behind CAESS took their research a step further, exploring how hackers could compromise cars without ever gaining physical access to them. Researchers bought a 2009-model-year vehicle of undetermined make, and attempted to hack into it. One of their findings: cellular-enabled assistance programs like GM’s OnStar and Toyota’s SafetyConnect unsurprisingly leave vehicles especially vulnerable.

The NYT quotes the CAESS report [we will link to a PDF as it becomes available] as saying

These cellular channels offer many advantages for attackers. They can be accessed over arbitrary distance (due to the wide coverage of cellular data infrastructure) in a largely anonymous fashion, typically have relatively high bandwidth, are two-way channels (supporting interactive control and data exfiltration), and are individually addressable.

And that’s just the most obvious opportunity for auto hacking. The others are far scarier, as they use even more common access vectors to get to your car’s central computer. According to the AP

In a new study, they found ways to compromise security remotely, through wireless interfaces like Bluetooth, mechanics’ tools and even audio files. In one example, a modified song in a digital audio format could compromise the car’s CD player and infect other systems in the vehicle. They were also able to “obtain complete control” over the car by placing a call to the vehicle’s cell phone number and playing an audio signal that compromised the vehicle.

But, reports PC World, this isn’t a threat that should be overblown just yet:

Car hacking is “unlikely to happen in the future,” said Tadayoshi Kohno, an assistant professor with the University of Washington who worked on the project. “But I think the average customer will want to know whether the car they buy in five years … will have these issues mitigated.”

Another problem for would-be car thieves is the fact that there are significant differences among the electronic control units in cars. Even though an attack might work on one year and model of vehicle, it’s unlikely to work on another. “If you’re going to hack into one of them, you have to spend a lot of time, money and resources to get into one software version,” said Brian Herron, vice president of Drew Technologies, an Ann Arbor, Michigan, company that builds tools for automotive computer systems. “It’s not like hacking Windows, where you find a vulnerability and go after it.”

Needless to say, the industry is taking these threats extremely seriously, and both the Society of Automotive Engineers and the industry-backed United States Council for Automotive Research have formed committees to look into these threats. The SAE’s Jack Pokrzywa doesn’t exactly sooth consumer concerns, however, when he admits

The industry is certainly concerned about this. Things can be done, if there is a mindset to do this, and with all the electronic devices and the software running them, it’s kind of inevitable that someone will find a way. These systems are not built with firewalls upon firewalls.

Researchers refuse to speculate on possible scenarios of this kind of car hacking, although car theft is the most likely application, as a thief could theoretically unlock and start a car remotely if access to the ECU were achieved. And how much easier could a car thief’s job get than that?

Get the latest TTAC e-Newsletter!

10 Comments on “Car Hacking Fears Go Wireless...”


  • avatar
    Steven02

    Interesting article, but I agree with the reports that this is probably nothing to worry about.  If a lot of time an effort was put into this, yes they will fine vulnerabilities on any vehicle.  Then you might actually have “demons in the electronics.”  (Sorry couldn’t resist).
     
    But the volume of car makes this not very practical.  Every make and model might have different vulnerabilities.  This would make it difficult to document them, and it will only be around for a few years till you have to do it again.  Great quote I saw from a recent event where the goal is to hack an OS.
     
    http://www.dailytech.com/article.aspx?newsid=21097
    Since not many hackers target OS X, those that do have to tread entirely new ground.  Take Mr. Bekrar and his team at French security firm VUPEN.  He says that the exploit was “relatively difficult” due to lack of documentation in the security/hacking community on OS X.  He states in a ZDNet interview, “We had to do everything from scratch. We had to create a debugging tool, create the shellcode and create the ROP (return oriented programming) technique.  The main difficulty was doing this on our own, without the help of any documentation.”

    Another difficulty was in finding a “reliable” vulnerability.  All modern browsers have vulnerabilities, but not all vulnerabilities are created equal.  Identifying the “best” vulnerabilities takes a lot of time and dedication — time that has been invested in attacking Windows machines, but not so much with OS X.

    It is going to take some work to do this.  Unlike Windows, there isn’t much time and effort put into hacking cars.

  • avatar
    PVDave

    I agree with Steven02. Most cars provide Bluetooth connectivity to allow hands-free cell phone use with the ignition on. This means most cars with bluetooth connectivity will not recieve a signal sitting in the parking lot with the iginiton off.

    Most folks who looking to rain mischief on other cars want to do it while the owner is away. If the car is only vulnerable when the key is in the ignition (or a key fob is nearby…), potential hacks are much less attractive.

  • avatar
    tced2

    Last year, I looked at a device that plugged into the OBD connector and sent data wirelessly (via WiFi) to an Ipod Touch/Iphone for display.  I wondered about the security of this setup.  I was not aware that anything could be written into the ECU via this connection – it was “read only”.

    • 0 avatar
      Steven02

      Of course you can write using the OBD II port, many software updates use this. If you use any tuning software, it use the OBD II port to write information.

  • avatar
    K5ING

    While not technically hacking, wasn’t there a case a few years ago when someone transmitted a radio signal and opened the trunk lids on hundreds of Cadillacs, including the whole inventory of a Cadillac dealer?  I think it was in San Diego, but I’m not sure.
     
    Give me a good ‘ol key, manual windows, and personal control over my car, please.
     

  • avatar
    dolo54

    The average person would probably never need to worry about this, but that sounds like an amazing plot device for a cloak and dagger movie. High muckety muck gets assassinated by hacker who hacks into their car and cause the drive by wire to go crazy and crash the car.

  • avatar
    76triumph

    The greatest application may be as a plot device in a heist flick.  You know the genre, where some hipster crook hacks the city’s traffic signals.  Now they can hack the cars and create an army of bots to block the cops while clearing the path for their getaway.

  • avatar
    redmondjp

    The Feds have already utilized Onstar’s built-in cell (speaker) phone function to surreptitiously listen in on people, without their knowledge (or even having an active Onstar account).

    So Big Brother already has ears inside your car . . . If you don’t use Onstar, it’s really simple to prevent this, diagonal cutters are your friend!


Back to TopLeave a Reply

You must be logged in to post a comment.

Subscribe without commenting

Recent Comments

New Car Research

Get a Free Dealer Quote

Staff

  • Authors

  • Brendan McAleer, Canada
  • Marcelo De Vasconcellos, Brazil
  • Matthias Gasnier, Australia
  • Tycho de Feyter, China
  • W. Christian 'Mental' Ward, Abu Dhabi
  • Mark Stevenson, Canada
  • Faisal Ali Khan, India