By on January 13, 2012

…We also found that the entire attack can be implemented in a completely blind fashion—without any capacity to listen to the car’s responses. Demonstrating this, we encoded an audio file with the modulated post-authentication exploit payload and loaded that file onto an iPod. By manually dialing our car on an office phone and then playing this “song” into the phone’s microphone, we are able to achieve the same results and compromise the car.

This tidbit, found on page 11 of “Comprehensive Experimental Analyses of Automotive Attack Surfaces” by researchers from the University of California (San Diego) and the University of Washington, says exactly what you think it says: it’s becoming easy for intelligent, dedicated criminals to steal your car — or, worse yet, to control certain functions of the car remotely while you’re driving it.

The complete article details the team’s attempts to find vulnerabilities in an unnamed, “100,000 to 200,000 units per year” sedan. Here’s another super-fun discovery by the team. I’ve bolded the horrifying part for our readers who don’t like long quotes.

For the former, we experimentally verified this by compromising two cars (located over 1,000 miles apart), having them both join the IRC channel, and then both simultaneously respond to a single command (for safety, the command we sent simply made the audio systems on both cars chime). Finally, the high-bandwidth nature (up to 1 Mbps at times) of this channel makes it easy to exfiltrate data. (No special software is needed since ftp is provided on the host platform.) To make this concrete we modified our attack code for two demonstrations: one that periodically “tweets” the GPS location of our vehicle and another that records cabin audio conversations and sends the recorded data to our servers over the Internet.

The entire article is worth reading, even if talk of “stack overflows” won’t exactly rivet those of you who didn’t grow up writing “sploits”. It details one exploit in which the team remotely unlocked a car and started it up so an “unskilled accomplice” could drive it away. Another scenario: by compromising a group of cars in the Google parking lot, decoding the VINs to determine which ones were expensive, and correlating the location of the car at 7pm to known property records, it would be possible to sell Google executive conversations to third parties. Gosh, I can’t think of anyone who would pay money to hear what the Google CEO is talking about in private.

The team goes on to state how the exploits they discovered can be easily disabled in the future by adding encryption, reducing unnecessary “easter eggs” in embedded vehicle code, and more thorough debugging. What they do not explicitly state is that anyone familiar with how the car business works will be rolling on the proverbial floor laughing at the idea of automakers taking due care with their on-board electronics.

Not frightened by the idea of losing your car to hackers in Romania? Unconcerned that someone might be able to remotely throw random inputs into the adaptive steering in your wife’s BMW while simultaneously cranking the stereo to 110 dB, permanently locking the doors, and turning off the headlights? Just think of what will happen when self-driving cars become the norm.

17 Comments on “Got An iPod? Want To Steal Some Cars?...”


  • 67dodgeman

    So you’re saying that someone can “call” my ’89 Chevy and actually turn the radio on? Damn! That radio hasn’t worked in years, I’m hoping they can help a brother out! While they’re at it, can they firm up the transmission 2:3 shift? It seems to be slipping a little. Thanks!

  • redav

    What they do not explicitly state is that anyone familiar with how the car business works will be rolling on the proverbial floor laughing at the idea of automakers taking due care with their on-board electronics.

    After becoming familiar with MyFord Touch, I have no expectation of any car maker being competent with electronic gadgets and connectivity doodads. All the more reason they should stop wasting money on them and instead focus on building cars.

  • don1967

    Cue the viral video of a runaway Prius being chased down the highway by a malicious iPhone in 3… 2…

  • Nicholas Weaver

    Dan Wallach already did an excellent “for humans” summary on this site already: https://www.thetruthaboutcars.com/2011/08/can-somebody-steal-your-car-by-calling-it-on-the-phone/

    This is a paper from back in August that somehow got news publicity now.

    • spatula6554

      I remember reading that article…it scared me just as much as this one did now. I think I am paranoid enough now to put together a tube frame with a diesel powerplant from the ’90s; the less wires the better.

      Realistically though, these articles jive with other trends; police are losing ground in apprehending car thieves who are becoming more intelligent and dedicated due to the value of the cars they are working on; bigger payday, you work harder at it.

      Think about any other electronic consumer products (cars these days are closer to electronic than mechanical). Most of these electronic appliances (because most treat their cars like appliances) have locks, safeguards, lo-jack, etc. Some will even purge all of their memory if someone starts tampering with it.

      I agree that it will take obscene pressure to force OEMs to install these (now seemingly required) safeguards but it will be worth it…especially if the 1% think their safety, privacy and confidentiality are at stake.

  • axual

    “Punch up the data charts of Reliant’s command console …”

    The Wrath of Khan comes to mind here.

  • stryker1

    I am in your car
    I AM DUMPING YOUR CLUTCH

  • JMII

    They stole this idea from the classic 80s movie “War Games” where they use an audio recording of the keypad presses on the door’s security pad to open it.

  • toffeecoatedlugnuts

    Am I the only one who got a giggle from the Author’s disclaim of ever being a member of a certain legendary cult? .ooM

  • daveainchina

    The heck with car thieves, what about either some teenager doing the “I wonder if I could…..”

    or worse a terrorist deciding to suddenly attack all the cars in all the major cities with say, loud stereo, reverse the input of the steering wheel and full acceleration. How many accidents do you think would happen within 3 minutes. How many dead, or in the hospital?

    Lastly, who’d feel safe going to work in their car again? Everyone would be trying to buy 1970s Pintos, etc.

    That would truly be a catastrophe on a scale that I don’t think we’re ready to deal with.

  • CPTG

    You can’t be scared of something if it is inevitable to happen. Remember the car thief that stole the victim’s caddy? It had an ONSTAR in it. Victim called ONSTAR, who GPS’d its location and notified the Police. When the Police ID’d the vehicle, ONSTAR asked the Police if they wanted ONSTAR to disable the vehicle and they did (cut off the fuel supply).

    I’m not worried about the future of NETWORKED Cars. It just means you’ll have to install a firewall and security software to prevent intruders. Or do what I plan to do…buy an Apple iCAR—see, no more security worries because it is a totally closed system.
