Tuesday 2nd February 3:58 pm
Honk if you’re being hacked
Tuesday 1st September 2015 9:00 am
There’s a lot happening in our busy world of over 7 billion people. So you might not have noticed that around mid-2015, there was a minor flurry in the news media about an American car being remotely hacked. The control of the car was apparently taken away from the driver, and the controllers then drove it into a ditch.
Yes, it really happened. Yes, the internet and the World Wide Web daily infiltrate deeper into our lives. So yes, this event signifies something that we will have to deal with.
First, a little history lesson. The internet was conceived by Paul Baran, of the RAND Corporation, around 1960. It was to be a robust communication system for the military — but the military couldn’t understand it, so they didn’t want it.
The internet was eventually born on the first of October, 1969, as a way of sharing the use (and the cost) of large expensive computers.
It took a few more decades for the World Wide Web to arrive. That happened on December 25, 1990. And a quarter of a century after that, hackers used the internet to remotely take over a Jeep’s computers, and drive it into a ditch.
At first glance, it might seem weird for a car to have a computer. But a modern car can easily have between 50 and 200 computers — and between them, all these computers carry some 50 million lines of computer code. By way of comparison, that’s over three times more than the computer code needed to run a modern jet plane.
The car can have computers to run fundamentals such fuel injection, accelerator, gearbox, brakes, steering and airbags — as well as keyless entry, anti-theft system and even the controlled dimming of the interior lights.
And don’t forget what used to be called the radio, but is now called the entertainment centre, which also is linked to the reversing camera, the GPS, the USB input, your smart phone, Bluetooth information on tyre pressures, air-conditioning and much more.
Back in 2011, Karl Koscher and colleagues from the University of Washington and the University of California wrote a paper called ‘Comprehensive Experimental Analyses of Automotive Attack Surfaces’.
The phrase ‘automotive attack surfaces’ refers to all the different ways to bust into a car’s many computers and internal communication paths.
These so-called ‘surfaces’ include the socket that the mechanic uses to diagnose your car’s status, as well as the CD player, the Bluetooth connection for your phone and your tire pressure, the WiFi hotspots that some cars provide, and often, a direct connection to the mobile phone network that is totally independent of your smartphone.
The word ‘experimental’ means that they tried out their theories, and then busted into the computers.
Many cars in the USA have this direct connection to the mobile phone network, as part of their service. It even has its own special noun — ‘telematics’.
If you get a flat tyre and don’t know how to change it, you press a button and you’ll find yourself talking to a human operator. On the other hand, if your airbags deploy, almost certainly there has been a collision of some sort, and they will call you up to try to talk to you.
Let me emphasise, this connection to the mobile phone network is totally independent of your smartphone.
Various such telematics systems include UConnect from Fiat Chrysler, Onstar from GM, BMW Assist from BMW, Enform from Lexus, Safety Connect from Toyota — and many more.
Anyhow, after a lot of hard work, Karl Koscher and colleagues found that there were many ways (with varying degrees of difficulty and success) to bust into the computers of cars.
Their paper of 2011 might have been inspired by the actions of a 20-year-old in Austin, Texas. He had worked for a car dealer called Texas Auto Center, but he had been fired. As revenge upon his previous employer, he used their web-based vehicle-immobilisation system that would gently remind the customers that they were behind in their payments.
Texas Auto Center had installed a special black box in each of the cars they sold. When triggered, it could make the horn start to honk, or even disable the car’s ignition system. And so, in 2010, over 100 cars sold by Texas Auto Center would not start, or would not stop honking the horn. ‘Honk if you’re being hacked’ was literally happening. But that was just honking the horn, or not starting.
In 2012, hacking got ramped up to the next stage — and I’ll talk more about that, next time….
This blog first appeared on Dr Karl's Great Moments in Science
© 2016 Karl S. Kruszelnicki Pty Ltd