Car Hacking Fears Go Wireless

Edward Niedermeyer
by Edward Niedermeyer

A year ago we reported on a study by the Center for Automotive Embedded Systems Security, which showed that the proliferation of eletronics systems in modern auomobiles left them vulnerable to hacks through the OBD-II port, leading to such scary lessons as

Much to our surprise, significant attacks do not require a complete understanding or reverse-engineering of even a single component of the car.

But, the results of that study were dependent on gaining physical access to a car’s OBD port. This year, the UC San Diego and University of Washington academics behind CAESS took their research a step further, exploring how hackers could compromise cars without ever gaining physical access to them. Researchers bought a 2009-model-year vehicle of undetermined make, and attempted to hack into it. One of their findings: cellular-enabled assistance programs like GM’s OnStar and Toyota’s SafetyConnect unsurprisingly leave vehicles especially vulnerable.

The NYT quotes the CAESS report [we will link to a PDF as it becomes available] as saying

These cellular channels offer many advantages for attackers. They can be accessed over arbitrary distance (due to the wide coverage of cellular data infrastructure) in a largely anonymous fashion, typically have relatively high bandwidth, are two-way channels (supporting interactive control and data exfiltration), and are individually addressable.

And that’s just the most obvious opportunity for auto hacking. The others are far scarier, as they use even more common access vectors to get to your car’s central computer. According to the AP

In a new study, they found ways to compromise security remotely, through wireless interfaces like Bluetooth, mechanics’ tools and even audio files. In one example, a modified song in a digital audio format could compromise the car’s CD player and infect other systems in the vehicle. They were also able to “obtain complete control” over the car by placing a call to the vehicle’s cell phone number and playing an audio signal that compromised the vehicle.

But, reports PC World, this isn’t a threat that should be overblown just yet:

Car hacking is “unlikely to happen in the future,” said Tadayoshi Kohno, an assistant professor with the University of Washington who worked on the project. “But I think the average customer will want to know whether the car they buy in five years … will have these issues mitigated.”

Another problem for would-be car thieves is the fact that there are significant differences among the electronic control units in cars. Even though an attack might work on one year and model of vehicle, it’s unlikely to work on another. “If you’re going to hack into one of them, you have to spend a lot of time, money and resources to get into one software version,” said Brian Herron, vice president of Drew Technologies, an Ann Arbor, Michigan, company that builds tools for automotive computer systems. “It’s not like hacking Windows, where you find a vulnerability and go after it.”

Needless to say, the industry is taking these threats extremely seriously, and both the Society of Automotive Engineers and the industry-backed United States Council for Automotive Research have formed committees to look into these threats. The SAE’s Jack Pokrzywa doesn’t exactly sooth consumer concerns, however, when he admits

The industry is certainly concerned about this. Things can be done, if there is a mindset to do this, and with all the electronic devices and the software running them, it’s kind of inevitable that someone will find a way. These systems are not built with firewalls upon firewalls.

Researchers refuse to speculate on possible scenarios of this kind of car hacking, although car theft is the most likely application, as a thief could theoretically unlock and start a car remotely if access to the ECU were achieved. And how much easier could a car thief’s job get than that?


Edward Niedermeyer
Edward Niedermeyer

More by Edward Niedermeyer

Comments
Join the conversation
4 of 10 comments
  • 76triumph 76triumph on Mar 11, 2011

    The greatest application may be as a plot device in a heist flick. You know the genre, where some hipster crook hacks the city's traffic signals. Now they can hack the cars and create an army of bots to block the cops while clearing the path for their getaway.

    • See 1 previous
    • MarcKyle64 MarcKyle64 on Mar 12, 2011

      Sounds like a great plot device for the next "The +Italian Job" remake! Of course digital gold is a LOT lighter than the gold they were hauling at the end of the Michael Cain version - and MUCH easier to steal.

  • Redmondjp Redmondjp on Mar 11, 2011

    The Feds have already utilized Onstar's built-in cell (speaker) phone function to surreptitiously listen in on people, without their knowledge (or even having an active Onstar account). So Big Brother already has ears inside your car . . . If you don't use Onstar, it's really simple to prevent this, diagonal cutters are your friend!

  • FreedMike Off topic, but folks, this site is not working well for me from a technical standpoint, and it doesn't matter if I'm using my phone, or my computer (on two different browsers). It locks up and makes it impossible to type anything in after a certain point. Anyone else having these issues?
  • Syke Kinda liked the '57, hated the '58. Then again, I hated the entire '58 GM line except for the Chevrolet. Which I liked better than the '57's. Still remember dad's '58 Impala hardtop, in the silver blue that was used as the main advertising color.
  • Dartdude The bottom line is that in the new America coming the elites don't want you and me to own cars. They are going to make building cars so expensive that the will only be for the very rich and connected. You will eat bugs and ride the bus and live in a 500sq-ft. apartment and like it. HUD wants to quit giving federal for any development for single family homes and don't be surprised that FHA aren't going to give loans for single family homes in the very near future.
  • Ravenuer The rear view of the Eldo coupe makes it look fat!
  • FreedMike This is before Cadillac styling went full scale nutty...and not particularly attractive, in my opinion.
Next