This past year's (2013) DefCon featured a demonstration of a relatively new type of hacking, the automobile hack. As automobiles become more and more high tech, they include more and more microprocessors and software. In recent years, we have developed autos that park themselves, autos that detect and avert crashes and very soon, automobiles that drive themselves. Each of these developments requires microprocessors and software and therefore opens up new avenues for the hacking of the automobile and new risks for society. At the same time, it opens fertile new ground for hackers and pentesters.
At DefCon, security researchers, Charlie Miller and Chris Valasek, demonstrated that they could control an automobile through connecting a laptop computer to the automobiles digital controls in the dashboard. They received a grant from the U.S. Defense Department's Advanced Research Projects Agency (DARPA) to explore the security vulnerabilities of today's advanced automobiles.
These security researchers/hackers were able to;
- change the speedometer and gas gauge reading;
- tighten seat belts;
- slam on the brakes;
- jerk the steering wheel;
- disable the power steering;
- cause the engine to accelerate;
- turn headlights on and off;
...and more.
Basically, the modern automobile is now nearly completely controlled with digital systems. Each of these systems can be hacked and controlled by someone with access to the digital control system.
In this demonstration at Defcon, the hackers actually dismantled the instrument panel to physically access the controls. A few years back, researchers at the University of San Diego demonstrated that they could remotely hack an automobile through such remote features as GM's On-Star system that provides cellular access to the automobiles control systems.
Should we be concerned about automobile hacking as we cruise down the highway?
5 Responses
can you make tutorial about this? :D
Dragon:
Its not on my agenda now, but I may sometime in the future.
OTW
Most definitely, we should be concerned!
I'm actually a bit paranoid about something like this happening to me which is why I drive a car that's not so reliant on digital systems.
However this brings cyber/hacking crime to a whole new level! Hacking has now become more lethal and like all lethal things, if put in the wrong hands can definitely be really bad.
In my opinion, there are a lot of people out there eager to hack like this just to like show off to a friend that you can or give your friend a little spook or worse, to get revenge or hurt someone. And people will die. Heck, people will die even when professionals learn to use it cuz we will have cyber mercenaries taking out high profile targets by invading a cars computer and making the car drive off a cliff or something. To me i am very concerned and i know that no matter how much they update their software and try to make it hack proof, someone will always find a way.
Eight:
Thanks for those thoughtful comments.
This past June, Michael Hastings, the journalist that wrote the Rolling Stone article about Gen. Stanley McChrystal that led to his downfall, died in a fiery crash of his 2013 Mercedes Benz when it crashed into a tree in the Los Angeles area. He was working on an article that would have done further damage to former CIA director Gen. David Petraeus. Many have speculated that his crash and resulting death may have been the result of his car having been hacked by some malicious entity to keep him from continuing his investigative journalism.
OTW
I've just come across this article, I can't work out why these two got the grant from DARPA when it had already been proven that the capability to do it was there, infact it was already the subject of a TED talk, and was done from a trailing car.
As for Michael Hastings (RIP), there were a lot of variable's there that provide other explanations, and I think because he was an out spoken critic of the intelligence community it just seems that it was the natural thing to blame. Even if he had of died at home by choking on a cherry stem, peoples first response would still have been to blame the USINT community.
Share Your Thoughts