Since journalist Michael Hastings' horrible death in Los Angeles, the conspiracy theories have lit up the interwebz. He sent an email with the subject of “FBI Investigation re: NSA” hours before his 2013 silver Mercedes slammed into a tree and burst into flames. The Los Angeles Times added, “The car was going so fast, the engine was found more than 100 feet away from the crash.” Hasting's email said he going to “go off the radar for a bit.” He “was researching a story about a privacy lawsuit brought by Florida socialite Jill Kelley against the Department of Defense and the FBI.”
If the conspiracy theory is true, it might have been easier to assassinate a reporter with a poison-tipped umbrella, an umbrella capable of firing “a pellet the size of a pinhead, containing the poison ricin.” It's happened before and although evidence of that might be easy to miss, it would not be impossible to find. However, former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard Clarke told the Huffington Post that “what is known about the single-vehicle crash is ‘consistent with a car cyber attack’.” The car fire was so intense that it took the LA coroner two days to identify Hastings' body, but Clarke said “a cyberattack on the vehicle would have been nearly impossible to trace ‘even if the dozen or so computers on board hadn't melted’."
Clarke said, "There is reason to believe that intelligence agencies for major powers" -- including the United States -- know how to remotely seize control of a car.
"So if there were a cyberattack on the car -- and I'm not saying there was," Clarke added, "I think whoever did it would probably get away with it."
This adds another level of interest in the upcoming Def Con 21 talk Adventures in Automotive Networks and Control Units that will be presented by Charlie Miller, former NSA and current Twitter employee, and Chris Valasek, Director of Security Intelligence at IOActive. Miller tweeted that Black Hat had previously rejected the “excellent car hacking talk” and included this video of remotely controlling the steering wheel.
According to the abstract:
Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher’s point of view.
We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering. Finally, we’ll discuss aspects of reading and modifying the firmware of ECUs installed in today’s modern automobile.
This is certainly not the first car hacking research talk, but in light of the conspiracy theories and the possible reality of cyberattacks on cars, I thought we might look back at some of the proven ways that someone other than the driver can remotely take control of the car. One of the oldest is OnStar, with its Stolen Vehicle Slowdown technology allowing for remote control of vehicles, such as to stop a high-speed car chase [video]. A disgruntled laid-off hacker in Austin, Texas, remotely hacked more than 100 vehicles, bricking or disabling some cars and causing others to have “horns honking out of control.”
At Def Con 18, Rutgers University and the University of South Carolina security researchers presented “Letting the Air out of tire pressure monitoring systems” [pdf]; they demonstrated how to wirelessly hack a car's tire pressure monitoring system and send fake tire pressure warnings, while it was being driven on the road, before frying the onboard computer. SNOsoft Research previously delved into hacking your car for fun or profit and showed it's really not that difficult to program a car to kill a driver. Other research included a “self-destruct” attack -- “It starts when a 60-second timer pops up on a car's digital dashboard and starts counting down. When it reaches zero the virus can simultaneously shut off the car's lights, lock its doors, kill the engine and release or slam on the brakes” [pdf].
In a 2011 report, Comprehensive Experimental Analyses of Automotive Attack Surfaces [pdf], the researchers used a virus to infect a dealership diagnostic tool and pass the infection to any car connected to it afterwards. They could “disable the car, listen to conversations in the car, turn on the brakes, etc.” Also in 2011 we saw war texting to steal a car and hacking to pwn a cop car. We've also looked at security predictions, claiming hackers will target and cyberattack high tech cars.
Other security experts claimed that any computer control in the car could be hacked, including the “engine, lights, radio, wipers and electronic display.” Malicious attackers "could seize control remotely through the panoply of wireless devices attached to the car, such as cellular, Bluetooth, radio and tire pressure monitoring system. If you can take over the radio, you can use it to reprogram all the other computers." Even doctored CDs, or malicious input on an iPod could be used as an attack vector to exploit a vulnerability in the car [pdf].
While I’m not saying Hastings was killed by a cyberattack on his 2013 Mercedes, Clarke is correct that it’s entirely possible and almost impossible to prove any such assassination that might occur. The LA cops would doubtfully have the “expertise to trace such an attack.” Clarke added, “You'd probably need the very best of the U.S. government intelligence or law enforcement officials to discover it.” Clarke stated:
"I'm not a conspiracy guy. In fact, I've spent most of my life knocking down conspiracy theories. But my rule has always been you don't knock down a conspiracy theory until you can prove it [wrong]. And in the case of Michael Hastings, what evidence is available publicly is consistent with a car cyberattack. And the problem with that is you can't prove it."