We have completed maintenance on DiscoverMagazine.com and action may be required on your account. Learn More

Forget Car-Jacking: Car-Hacking Is the Crime of the Future

By Andrew Moseman
May 18, 2010 10:42 PMNov 20, 2019 5:37 AM


Sign up for our email newsletter for the latest science news

Sticking accelerator pedals were just the beginning. Soon you might lose control of your car not because of a technical failure, but because someone hacked into it from afar. Tomorrow at a security conference in California, Stefan Savage and his team will present their research showing how they used the computer systems that oversee different systems in a car to break in and take control—braking and accelerating against the driver's will.

The researchers concentrated their attacks on the electronic control units (ECUs) scattered throughout modern vehicles which oversee the workings of many car components. It is thought that modern vehicles have about 100 megabytes of binary code spread across up to 70 ECUs [BBC News].

The software Savage's team created, called CarShark, took advantage of the fact that ECUs must communicate between different systems. Electronic Stability Control, for instance, must talk to the brakes, accelerators, and wheels; Active Cruise Control and systems that parallel park the car for you also rely on communication across many systems. The team inserted fake packets of data into the lines of communication to seize control of a car, Savage says.

He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern [BusinessWeek].

Savage said he and his team wanted to get a head start on the problem of car-hacking, which is sure to arise when hackers

get the chance, especially with more wireless access. In small ways it has already started: A couple of months ago an Austin, Texas, man who was fired by a car dealership broke into the remote system

that the dealer used to torment people who were delinquent on their payments by honking the horn or otherwise annoying them. About 100 people found their cars inoperable, or honking like mad, after his hack.

The researchers said they did not address the question of the defenses the cars might have against remote access, but said the experience of the PC industry, which did not have extensive security problems until computers became networked, was worth remembering. “To be fair, you should expect that various entry points in the automotive environment are no more secure in the automotive environment than they are in your PC,” Mr. Savage said [The New York Times].

Car companies should probably address this issue before they offer us the networked "road trains

" of the future. Related Content: 80beats: Reports: Chinese Hackers Stole Indian Missile Secrets & the Dalai Lama's E-mail

80beats: Massive Spanish Botnet Busted, But Hacker Mastermind Remains Unknown

80beats: Code Protecting 80 Percent of Cellphone Convos Finally Cracked

80beats: In the Commute of the Future, Drivers Can Let a Pro Take the Wheel

Image: Savage et. al.

1 free article left
Want More? Get unlimited access for as low as $1.99/month

Already a subscriber?

Register or Log In

1 free articleSubscribe
Discover Magazine Logo
Want more?

Keep reading for as low as $1.99!


Already a subscriber?

Register or Log In

More From Discover
Recommendations From Our Store
Shop Now
Stay Curious
Our List

Sign up for our weekly science updates.

To The Magazine

Save up to 40% off the cover price when you subscribe to Discover magazine.

Copyright © 2024 Kalmbach Media Co.