A year ago we reported on a study by the Center for Automotive Embedded Systems Security, which showed that the proliferation of electronic systems in modern automobiles left them vulnerable to hacks through the OBD-II port, leading to such scary lessons as:
Much to our surprise, significant attacks do not require a complete understanding or reverse-engineering of even a single component of the car.
But the results of that study were dependent on gaining physical access to a car’s OBD port. This year, the UC San Diego and University of Washington academics behind CAESS took their research a step further, exploring how hackers could compromise cars without ever gaining physical access to them. Researchers bought a 2009-model-year vehicle of undetermined make, and attempted to hack into it. One of their findings: cellular-enabled assistance programs like GM’s OnStar and Toyota’s SafetyConnect unsurprisingly leave vehicles especially vulnerable.
The NYT quotes the CAESS report [we will link to a PDF as it becomes available] as saying:
These cellular channels offer many advantages for attackers. They can be accessed over arbitrary distance (due to the wide coverage of cellular data infrastructure) in a largely anonymous fashion, typically have relatively high bandwidth, are two-way channels (supporting interactive control and data exfiltration), and are individually addressable.
And that’s just the most obvious opportunity for auto hacking. The others are far scarier, as they use even more common access vectors to get to your car’s central computer. According to the AP:
In a new study, they found ways to compromise security remotely, through wireless interfaces like Bluetooth, mechanics’ tools and even audio files. In one example, a modified song in a digital audio format could compromise the car’s CD player and infect other systems in the vehicle. They were also able to “obtain complete control” over the car by placing a call to the vehicle’s cell phone number and playing an audio signal that compromised the vehicle.
But, reports PC World, this isn’t a threat that should be overblown just yet:
Car hacking is “unlikely to happen in the future,” said Tadayoshi Kohno, an assistant professor with the University of Washington who worked on the project. “But I think the average customer will want to know whether the car they buy in five years … will have these issues mitigated.”
Another problem for would-be car thieves is the fact that there are significant differences among the electronic control units in cars. Even though an attack might work on one year and model of vehicle, it’s unlikely to work on another. “If you’re going to hack into one of them, you have to spend a lot of time, money and resources to get into one software version,” said Brian Herron, vice president of Drew Technologies, an Ann Arbor, Michigan, company that builds tools for automotive computer systems. “It’s not like hacking Windows, where you find a vulnerability and go after it.”
Needless to say, the industry is taking these threats extremely seriously, and both the Society of Automotive Engineers and the industry-backed United States Council for Automotive Research have formed committees to look into these threats. The SAE’s Jack Pokrzywa doesn’t exactly soothe consumer concerns, however, when he admits:
The industry is certainly concerned about this. Things can be done, if there is a mindset to do this, and with all the electronic devices and the software running them, it’s kind of inevitable that someone will find a way. These systems are not built with firewalls upon firewalls.
Researchers refuse to speculate on possible scenarios of this kind of car hacking, although car theft is the most likely application, as a thief could theoretically unlock and start a car remotely if access to the ECU were achieved. And how much easier could a car thief’s job get than that?