Cyber-Jacking Cars, Not in the Future but Now!

A few years ago researchers theorized that modern car control systems could be hacked. Hackers will demonstrate exactly that later this month.

When I see a polished and obviously nurtured classic or vintage car I always admire it, but after having had a couple I never want to own one again. They're usually temperamental and expensive to keep running and, more than anything else, they aren't as comfortable as a modern car. If there's air conditioning at all it's often anemic, and they lack all of those lovely modern conveniences such as a built-in entertainment system, satellite navigation, and an in-flight computer, all of which require some degree of computerization to work.

Indeed, modern cars are loaded with processors (many new cars contain up to 70 of these) that not only manage the luxuries but also tune the engine, monitor performance, and even connect the steering wheel to the steering. These services are connected by a networking system called CAN bus, and with that degree of computerization there's a potentially serious downside: all of these subsystems could conceivably be targets for hacking.

Lest you doubt that such a thing is possible consider this: At BlackHat USA 2013, to be held in Las Vegas July 27 through August 1, two Spanish engineers will be demonstrating a device they built for the grand sum of $25 that can bypass the security in a car's electronic control unit (ECU).

In their presentation, titled "Dude, WTF in My Car" (the title was probably much cooler in the original Catalan), the engineers, Javier Vázquez Vidal and Alberto Garcia Illera, will demonstrate a device which they claim can crack Bosch's EDC15 and EDC16 diesel engine management systems protected by an RSA 256-bit seed/key algorithm. This is the summary of their talk:

The car ECU tuning market is weird. There is little help from people already in it, and most of the equipment is expensive. Well, not anymore!

We will show a tool that was built under $25, and that is able to bypass all the security in the car ECU, based on a BOSCH EDC15 and EDC16, which has RSA 256 and seed/key algorithm protection.

We will show live demonstrations of how the tool works, with logic analyzer and explanation of all the processes that take place.

Black Hat Arsenal gives a unique opportunity to have a close look at tools, so we will explain the most practical side of our tool instead of going deep into the low level explanation, to exploit the most of BH-Arsenal concept.

All of this will help the end user to realize that even cars have secrets that can be "unlocked."

The device they'll show apparently has to be plugged into a vehicle's On-Board Diagnostics, or OBD, port for now, but according to an article in New Scientist they claim that they are developing a wireless version.

Just last month The Huffington Post interviewed Richard Clarke, the former U.S. National Coordinator for Security, Infrastructure Protection, and Counterterrorism, regarding his theory that the car crash death of investigative journalist Michael Hastings could have been because his vehicle had been hacked. Clarke is quoted by The Huffington Post as saying:

There is reason to believe that intelligence agencies for major powers -- including the United States -- know how to remotely seize control of a car ... What has been revealed as a result of some research at universities is that it's relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn't want acceleration, to throw on the brakes when the driver doesn't want the brakes on, to launch an air bag ... You can do some really highly destructive things now, through hacking a car, and it's not that hard.

The university research Clarke alluded to was probably the 2010 paper "Experimental Security Analysis of a Modern Automobile" by researchers from the University of Washington and the University of California, San Diego. The abstract of the paper, in part, explains:

... we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car ... We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash.

A month ago you might have thought that Clarke was making a wild, headline-grabbing speculation and that the university researchers were peering into a distant future. It now looks like Clarke might know a lot more than he's letting on and the researchers' vision was for a much shorter term.

The idea of having your car cyber-jacked is not a good one and if it should happen at speed, as might have happened to Hastings, well, obviously the results could easily be fatal. Makes you want to go back to driving one of those classic cars. Perhaps satellite navigation, a CD player, and air conditioning aren't all that important.
