Register for an account

X

Enter your name and email address below.

Your email address is used to log in and will not be shared or sold. Read our privacy policy.

X

Website access code

Enter your access code into the form field below.

If you are a Zinio, Nook, Kindle, Apple, or Google Play subscriber, you can enter your website access code to gain subscriber access. Your website access code is located in the upper right corner of the Table of Contents page of your digital edition.

Technology

Forget Car-Jacking: Car-Hacking Is the Crime of the Future

80beatsBy Andrew MosemanMay 18, 2010 10:42 PM
CarShark.jpg

Newsletter

Sign up for our email newsletter for the latest science news

Sticking accelerator pedals were just the beginning. Soon you might lose control of your car not because of a technical failure, but because someone hacked into it from afar. Tomorrow at a security conference in California, Stefan Savage and his team will present their research showing how they used the computer systems that oversee different systems in a car to break in and take control—braking and accelerating against the driver's will.

The researchers concentrated their attacks on the electronic control units (ECUs) scattered throughout modern vehicles which oversee the workings of many car components. It is thought that modern vehicles have about 100 megabytes of binary code spread across up to 70 ECUs [BBC News].

The software Savage's team created, called CarShark, took advantage of the fact that ECUs must communicate between different systems. Electronic Stability Control, for instance, must talk to the brakes, accelerators, and wheels; Active Cruise Control and systems that parallel park the car for you also rely on communication across many systems. The team inserted fake packets of data into the lines of communication to seize control of a car, Savage says.

He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern [BusinessWeek].

Savage said he and his team wanted to get a head start on the problem of car-hacking, which is sure to arise when hackers

get the chance, especially with more wireless access. In small ways it has already started: A couple of months ago an Austin, Texas, man who was fired by a car dealership broke into the remote system

that the dealer used to torment people who were delinquent on their payments by honking the horn or otherwise annoying them. About 100 people found their cars inoperable, or honking like mad, after his hack.

The researchers said they did not address the question of the defenses the cars might have against remote access, but said the experience of the PC industry, which did not have extensive security problems until computers became networked, was worth remembering. “To be fair, you should expect that various entry points in the automotive environment are no more secure in the automotive environment than they are in your PC,” Mr. Savage said [The New York Times].

Car companies should probably address this issue before they offer us the networked "road trains

" of the future. Related Content: 80beats: Reports: Chinese Hackers Stole Indian Missile Secrets & the Dalai Lama's E-mail

80beats: Massive Spanish Botnet Busted, But Hacker Mastermind Remains Unknown

80beats: Code Protecting 80 Percent of Cellphone Convos Finally Cracked

80beats: In the Commute of the Future, Drivers Can Let a Pro Take the Wheel

Image: Savage et. al.

2 Free Articles Left

Want it all? Get unlimited access when you subscribe.

Subscribe

Already a subscriber? Register or Log In

Want unlimited access?

Subscribe today and save 70%

Subscribe

Already a subscriber? Register or Log In