This past year's (2013) DefCon featured a demonstration of a relatively new type of hacking, the automobile hack. As automobiles become more and more high tech, they include more and more microprocessors and software. In recent years, we have developed autos that park themselves, autos that detect and avert crashes and very soon, automobiles that drive themselves. Each of these developments requires microprocessors and software and therefore opens up new avenues for the hacking of the automobile and new risks for society. At the same time, it opens fertile new ground for hackers and pentesters.
At DefCon, security researchers, Charlie Miller and Chris Valasek, demonstrated that they could control an automobile through connecting a laptop computer to the automobiles digital controls in the dashboard. They received a grant from the U.S. Defense Department's Advanced Research Projects Agency (DARPA) to explore the security vulnerabilities of today's advanced automobiles.
These security researchers/hackers were able to;
- change the speedometer and gas gauge reading;
- tighten seat belts;
- slam on the brakes;
- jerk the steering wheel;
- disable the power steering;
- cause the engine to accelerate;
- turn headlights on and off;
Basically, the modern automobile is now nearly completely controlled with digital systems. Each of these systems can be hacked and controlled by someone with access to the digital control system.
In this demonstration at Defcon, the hackers actually dismantled the instrument panel to physically access the controls. A few years back, researchers at the University of San Diego demonstrated that they could remotely hack an automobile through such remote features as GM's On-Star system that provides cellular access to the automobiles control systems.
Should we be concerned about automobile hacking as we cruise down the highway?