By on February 10, 2015

2012_Chevrolet_Impala. Photo courtesy wikipedia

As connected technologies make inroads into vehicles et al, the growing possibility of sabotage has the Department of Defense and DARPA on notice.

Per Jalopnik, CBS’ “60 Minutes” spent some time with DARPA Information Innovation Office chief Dan Kaufman to explore the vulnerabilities of connected technology coming into play not only on the road, but at home, in the office et al.

In one demonstration, Kaufman was able to break into the OnStar system aboard a previous-gen Chevrolet Impala, transplanting a code that allowed him to control everything on the car, from the wipers and the horn, to the braking and acceleration system itself.

The situation may be more dire still: a report from Sen. Ed Markey of Massachusetts’ office states all new vehicles can be hacked, and that only “two out of 16 car makers can diagnose or respond to an infiltration in real-time.”

Get the latest TTAC e-Newsletter!

36 Comments on “DOD: Connected Technologies Growing More Vulnerable To Sabotage...”


  • avatar
    gmichaelj

    I have a 2006 Impala, and now I’d like to disconnect onstar. Anyone know how this could be done? thanks

  • avatar
    mikey

    Full disclosure here. I own a 2014 Impala, I also owned a 09 LTZ Impala. The 09 was nice, but I just love my 2014.

    With that all being said. What thief with that sort of tech, savy, is going to hack into an Impala ? If he did, the question would be “why” Why not a Rover or a Lexus, maybe a Bimmer

    If your planning to rob a jewellery store, are you going to hit the watch counter at Wallmart.??

    • 0 avatar
      an innocent man

      I think the keyword is sabotage, not thievery. Kid hacks playing dangerous pranks, ex-spouse who worked in IT, certain government agencies displeased with an investigative journalist. Next thing ya know, no one can figure out why you purposely steered your car to hit the tree and there were no skid marks.

      /adjusts reflective hat

      • 0 avatar
        Mike

        I agree with the sabotage answer. For example, imagine a series of bridges along a major interstate. At the first bridge in either direction, a transmitter device would attempt to break-in to every vehicle’s control system as random cars pass under, then at the next bridge, that transmitter would control those cars it successfully hacked at the previous bridge. It could suddenly jerk your steering wheel left into oncoming traffic, disable the brakes, and/or accelerate.

        Why? Initially it may be a proof of concept. After that, it will used as a terrorism tool.

      • 0 avatar
        SpinnyD

        never happen, nope, never.

        http://www.bing.com/search?q=journalist+dies+in+car+wreck+in+his+mercedes&qs=n&form=QBLH&scope=web&pc=MOZI&pq=journalist+dies+in+car+wreck+in+his+mercedes&sc=0-24&sp=-1&sk=&cvid=6ff6cfb06513479aa7b42154553a5749

    • 0 avatar
      28-Cars-Later

      Mikey, I think the point is this: anything electronic can be hacked. If sophisticated thieves can do it, its only a matter of time before the local flavor uses it to steal your property (not to mention your various levels of authority using it for surveillance purposes).

  • avatar
    Zackman

    My Impala is a 2012 LTZ. If someone wants to hack in and drive me to and from work every day, please do it, I’d love it!

    I think it’s hilarious to show a last-gen Impala, I mean, who would want to hack one of these? Easy target, perhaps? Maybe I better wrap the rear view mirror in tin foil? Or the little aerial thingy on the rear of the roof?

    Hmmm… after all, I do love the thing…

    • 0 avatar
      PrincipalDan

      The only impetus for hacking the old W-body is the fact that their cheap price on the used car market means that they are quickly becoming the young gangsta whip of choice in my area. (Nothing against the people who bought new – just the Impala keeping up the tradition. I haven’t seen any turned into low-riders yet.)

      • 0 avatar
        CoreyDL

        Is this not happening to the Lucerne as well? I know the DTS holds value quite a bit better.

        The Lucerne certainly lends itself to chrome and landau better.

        • 0 avatar
          PrincipalDan

          Lucerne yes, DTS – no. The DTS I’m seeing that are going deep tint and “funny” smelling smoke escaping the slightly cracked windows are usually pre-refresh (2005 and older).

          I do laugh though when I count the portholes on a gangsta Lucerne and realize that it has the lowly V6.

          • 0 avatar
            CoreyDL

            I’m always surprised to see the pre-06 DTS models still running around. I guess the previous first or second owner fixed the N* and the car became ghetto after that?

            Not many Lucerne Supers around wit dat 8.

          • 0 avatar
            PrincipalDan

            If you see a one owner DeVille or DTS on a used car lot in Gallup, NM (where I’m living) there is a 99.9999999% chance that it was dealer maintained with a stack of receipts. Old people don’t take their cars to PepBoys when something goes wrong.

          • 0 avatar
            CoreyDL

            You and that Diamond Dust!

          • 0 avatar
            28-Cars-Later

            “Lucerne and realize that it has the lowly V6.”

            Perhaps a visit to the confessional is in order my son?

          • 0 avatar
            PrincipalDan

            Father, we’re not talking “peak 200+ NA HP 3800” here. The Lucerne got the choked down under 200 hp 3800 in a car the size of a senior Cadillac. If I’m going to sample the Fireball V6 I’d rather find a nicely cared for 2005 Park Avenue or LeSabre.

          • 0 avatar
            28-Cars-Later

            MY06-08 Lucerne ran the L26, which is an L36 which slight changes. The L36 produces 230 ft-tq @ 4500rpm and 205bhp @ 5200 rpm IIRC. While it lacks the extra oomph of the L67 or later L32, it is more than sufficient to move a G-body around comfortably. Don’t forget the MY98-05 Park Avenue is a G-body and the L67 was only available in the Ultra. So when driving one, you are driving an L36 3800 unless you’re cruising an Ultra. After MY08 the Lucerne switched to a 60V6 derivative with a different powerband which may or may not feel like a snoozer in comparison.

            “The L26 is the Series III version of the 3800. It is still a 3.8 L (231 cu in) design. Compression remains at 9.4:1 as with previous L36’s, but the aluminum upper intake (2004+) and stronger connecting rods (2005+) are the primary physical changes. The powdered metal connecting rods were meant to be introduced in 2004 along with the L32’s, but the GM plant in Bay City, Michigan that supplies the Flint, Michigan plant could not achieve the desired production dates in time for that engine year.”

  • avatar
    mikey

    @Zackman….After having the 14 LT for a year. I really can’t say if I like it better than my 09. I’m glad your enjoying your 2012.

    • 0 avatar
      CoreyDL

      Now Mikey here’s what you just said above.

      “I own a 2014 Impala, I also owned a 09 LTZ Impala. The 09 was nice, but I just love my 2014.”

      You’ve just made the exact opposite statement exactly 43 minutes later.

      • 0 avatar
        mikey

        @ CoreyDL…Yeah…I did. I write the same way I talk, and sometimes it just doesn’t work out. {No I’m not taking advice from Brian Williams}

        My point: the 2014 is my daily driver,and except for a lack of power, its just a about perfect car for me. The 09 wasn’t as pretty, but it had a whole lot more cookies. The interior on the 09 was pretty Spartan. The seating, however was more comfortable,than the 14. The 14 makes me feel good when I drive it ??

        In retrospect, I should have kept the 09. However I went through a bad patch/ mid life crisis/ feeling sorry for myself/ stage. I went through a Camaro, and full size truck, even a Cobalt.I Came full circle, and ended up with the 14 Impala, and kept my 08 Mustang, through it all.

        I’m sincere when I say the 09 was a great car. Due to some unfortunate circumstances, the 14 LT will be my car for quite some time. So I better love it eh…?

  • avatar
    dwford

    Is this a hack of the car itself, or a hack of the back end systems of OnStar? OnStar has long had the ability to take control of the car, slow it down and stop it, lock and unlock the doors etc.

    Car makers need to take the keyless remote hacking seriously, as well as the telematics hacks. It would be interesting to know which 2 automakers can see attempted hacks at this point.

    The greatest threat we face as a country at this point is an electronic attack, whether it comes in the form of an electromagnetic pulse frying our electronics, or a cyber attack. I doubt we are ready.

    • 0 avatar
      Silent Ricochet

      I have a feeling this is a vulnerability in the OnStar network and not really with the car’s system itself. It’s not like an Impala is driving around with some kind of WiFi emanating from it’s ECU (Although the newer models have 4G Hotspot Capabilities, which can be a cause for concern).

      OnStar (and similar networks) is a network that is allowed to control certain (or apparently, all) aspects of an OnStar enabled car. These systems are meant to be used for good. To save lives or property. So it’s not really a vulnerability with the car itself, but rather the OnStar network. The dead giveaway was that this attack could be carried out from “anywhere in the world”. OnStar (and other networks like it) needs to step their security game up. Their CSO should be a bit worried right now.

      • 0 avatar
        psarhjinian

        You have to penetrate the OnStar network and command the OnStar application to make this hack happen. The car is essentially on a separate network, addressable via cellular radio but not on the internet in any way, shape or form.

        Not that it wouldn’t be possible to hack OnStar, but the vulnerability is on that side. But it would not be easy, and it’s not someone “hacking your car over the internet”, it’s someone hacking into a telematics company. Presenting this is “OMGSOMEONEWILLHACKYOURCAR!!” is fear-mongering.

        The closest to this in modern automobilia is Tesla: I believe the Model-S allows over-the-air firmware updates. I’d tend to trust Tesla: for one, they come from the same pedigree as PayPal and many of the banks so I don’t doubt they take this all very seriously.

        I don’t think I’d trust an OEM or aftermarket supplier like Bosch to connect their in-car gear to the public internet. Security, other than obscurity, is just not on their priority list. That said, I think most OEMs would rather make money selling your expensive diagnostic equipment and software than allow their precious to be hooked up to the internet for all to see.

  • avatar
    an innocent man

    Some guy from McAfee showed a few years ago that he could hack into a pacemaker, and an insulin pump. He could jolt your maker, killing you, or dump your pump, killing you.

  • avatar
    Land Ark

    I watched 60 Minutes on Sunday. I loved how they said they disguised the car so as not to identify the manufacturer – more so when as soon as they showed it I knew it was an Impala.

    My opinion after watching it was that it was a worst-case scenario puff piece. The car was provided by DARPA, so they had complete access to it prior to the taping of the segment. So I took the whole thing with a huge grain of salt. Any time I see an investigative report on tv dealing with scary car issues I figure there is a lot of chicanery going on behind the scenes. Like when ABC News did the Toyota unintended acceleration tests and made the results match their intended message.

    60 Minutes stands to gain nothing by proving that the car is unbreakable. How much risk does the average person have of being a victim of this? A lot, so you better watch CBS programs and buy the prescription drugs which sponsor the shows.

  • avatar
    psarhjinian

    There was a similar article posted on Ars Technica yesterday. The same points apply here:

    * While the premise is true, you need to have the vehicle in your possession to pull off the hack. Anyone in IT knows that, if you have physical access, getting pwned is pretty much assured.
    * Say it again: this isn’t a remote exploit. It’s a local hack. I could just as easily connect to the CAN bus via your diagnostic port and wreak all sorts of havoc, or, for that matter, I could loosen your lugnuts, cut your brake lines and put nails in your tires.

    Now, if someone could hack into OnStar corporate and, from there, connect to your vehicle, that would be a neat trick. So would connecting to CAN via an in-car hotspot from another car. Both are quite a bit trickier than this.

    OEMs could do more to firewall the ECU and CAN bus from the ICE and telematics as a matter of course because, one day, someone will have the ECU connected to the internet, but this kind of vulnerability is Evil Maid territory and a non-story.

  • avatar
    John R

    Whether they used an Impala or a Tesla or a Camry is immaterial. So is whether or not the said car uses some kind of connected service, OnStar is only one avenue. If your car has TPMS it is accessible.

    • 0 avatar
      psarhjinian

      “If your car has TPMS it is accessible.”

      The issue is remote vs local exploit. If you’re going to inject signals into the bus via TPMS, you need consistent local access to the vehicle’s electronics: this isn’t something you can do quickly via drive-by, and it’s made redundant because, if you have uninterrupted physical access, you can do anything you like.

      This would be a much scarier proposition if you could exploit it without physical access, or at least close-proximity.

      It’s the difference between me hacking your computer from a remote site without your involvement or knowledge, versus me breaking into your house and installing something malicious while sitting at your keyboard.

      • 0 avatar
        highdesertcat

        psar, either way, not an appealing proposition.

        Remember when banks told us that they could not be hacked? Or Apple touted how secure their system was?

        If there is a way in, and there always is, someone will exploit it.

        And it’s dicey if you are in business for yourself. My Zone Alarm firewall records thousands of hits every day. And these are just random attempts to find vulnerable systems.

        Imagine if someone really wanted to hack someone’s car? With or without On-Star. Most new cars today report data back to “mama” even if they don’t have an On-Star or similar system installed.

        • 0 avatar
          psarhjinian

          “Remember when banks told us that they could not be hacked?”

          By and large, banks aren’t hacked. Individual customers get hacked and retailers certainly get whacked, but bank hacks are exceedingly rare.

          Bank fraud is another matter, but that’s not a computer thing.

          “Or Apple touted how secure their system was?”

          And generally it is. Apple’s Cloud Services haven’t been hacked en-masse. Passwords have been harvested, brute-forced or, frankly, guessed via social engineering.

          “My Zone Alarm firewall records thousands of hits every day”

          Of course it does. And you can pretty much ignore those alerts. I admin an enterprise firewall and, unless I’m getting DoS’ed, I don’t even look at what’s hitting it.

          “If there is a way in, and there always is, someone will exploit it.”

          While this is true, usually things aren’t exploited en masse unless they’re easy. An attack that requires you to have physical access to the device is a pretty hard attack to execute.

          Your Zone Alarm is evidence of this: people try the cheap-and-easy attacks all the time; it’s the zero-day browser exploit that lets an intruder drop malware on your machine _that your firewall doesn’t know squat about_ that’s deadly. And there’s no vector like that in this vulnerability; it’s not remotely remote-exploitable.

          “Imagine if someone really wanted to hack someone’s car?”

          If someone really, really wants to hack your car, or your computer, you can’t stop them. Operational security measures against a targeted attack (like the NSA or MSS) are paranoid in their thoroughness: to the point where you never leave your computer unattended, use random ones, use a non-standard keyboard layout, etc, etc.

          But those people would hack your car by getting into your car and bugging it. Or, if they wanted to maim you, they’d just loosen a few fasteners. Against that kind of attack, there is no defense short of your own version of the Secret Service.

          Joe Plumber does not need to worry about the MSS hacking his Chevy Impala.

          What bothers me about this article is it exploits the “IT’S DONE BY COMPUTER!!!!” fear to get press when, in fact, it’s impractically hard and essentially pointless to be worried about this kind of attack.

          “Most new cars today report data back to “mama” even if they don’t have an On-Star or similar system installed.”

          No, they don’t. Most new cars still need you to plug in a scanner to read anything. Very few cars communicate back to the mothership.

          And if you’re so paranoid that you don’t trust your car dealer, either you’ve got trust issues, or you have Snowden-level OpSec considerations.

          • 0 avatar
            highdesertcat

            psar, I’m not paranoid. I’m realistic. The hackers often turn out to be some teens experimenting.

            However, if you think there is nothing to worry about, you should live your life accordingly.

            I would much rather err on the s!de of caution and minimize my vulnerabilities.

            To each his own.

            Oh, I did want to correct “Most new cars today report data back to “mama” even if they don’t have an On-Star or similar system installed.” to read

            “Most ‘connected’ new cars today report data back to “mama” even if they don’t have an On-Star or similar system installed.”

            My mistake. I didn’t proof my copy before hitting “save”.

Read all comments

Back to TopLeave a Reply

You must be logged in to post a comment.

Recent Comments

  • JD-Shifty: Pete Seeger, the Smithsonian Collection
  • 28-Cars-Later: I think you’re paranoid.
  • Jeff S: I will not buy a Tesla product either. As much as I don’t like GM and Ford I would trust either of them...
  • Jeff S: I don’t have faith that people will share. Ideally we should share but human nature being the way it is...
  • Sid SB: If these companies are storing chips, that is a questionable move because that tech is moving fast. I would...

New Car Research

Get a Free Dealer Quote

Who We Are

  • Adam Tonge
  • Bozi Tatarevic
  • Corey Lewis
  • Mark Baruth
  • Ronnie Schreiber