IDG News Service - University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results.
In a paper set to be presented at a security conference in Oakland, California, next week, the security researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car.
In a late 2009 demonstration at a decommissioned airfield in Blaine Washington, they hacked into a test car's electronic braking system and prevented a test driver from braking a moving car -- no matter how hard he pressed on the brakes. In other tests, they were able to kill the engine, falsify the speedometer reading, and automatically lock the car's brakes unevenly, a maneuver that could destabilize the car traveling high speeds. They ran their test by plugging a laptop into the car's diagnostic system and then controlling that computer wirelessly, from a laptop in a vehicle riding next to the car.
The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems.
"We think this is an industry issue," said Stefan Savage, an associate professor with the University of California, San Diego.
He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern.
"If there's no action taken on the part of all the relevant stakeholders, then I think there might be a reason to be concerned," Kohno said. Neither he nor Savage would name the maker of the car they conducted their tests on. They don't want to single out any one auto-maker, they said.
That probably comes as a relief to whomever made the car the researchers probed, as they found it pretty easy to hack.
"In starting this project we expected to spend significant effort reverse-engineering, with non-trivial effort to identify and exploit each subtle vulnerability," they write in their paper. "However, we found existing automotive systems—at least those we tested—to be tremendously fragile."
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
