Dr Karl

Great Moments in Science


Who's really in control of where you're going? (Source: Patryk Kosmider/iStockphoto)


How to hack a car

Tuesday 8th September 2015 1:04 pm

Last time I talked about how, in mid-2015, an American car that was driving down the highway got remotely hacked — and ended up being driven into a ditch.

I also talked about how the internet and the World Wide Web were born.

By 2011, engineers were already exploring different ways to bust into a car’s many computers. But these engineers were very discreet — they were deliberately a little vague, and also kept the identity of the cars secret.

In 2012, hacking got ramped up to the next stage. The people who did the ramping were Charlie Miller (ex-NSA, and a security researcher for Twitter) and Chris Valasek (director of Vehicle Security Research at IOActive).

They got an $80,000 grant from DARPA (the people who gave us the internet). They used the money to buy a Toyota Prius and a Ford Escape (both 2010 models), and spent a year tearing the cars down — not just physically and electrically, but also the internals of the cars’ many computers.

Now here’s an interesting side issue. In most cases, the car manufacturers don’t know what’s inside the computers they install. These computers are sold to them as a black box — only the computer manufacturer knows what’s inside. So just as a side issue, that’s another potential weakness in the security or integrity of a car’s control systems.

Anyhow, back to the story.

By mid-2013, Miller and Valasek could control most of the functions of both cars. But their access path was clunky — and very obvious. They had to sit in the back seat, and use a computer plugged directly into the mechanic’s diagnostic socket — in other words, they needed direct physical access.

A journalist, Andy Greenberg, was their guinea pig. He drove both the Ford Escape and the Prius around a parking lot in South Bend, Indiana.

With the Prius, they could slam on the brakes at any speed, and make the car accelerate — although Andy could override this acceleration by manually pressing the brake pedal.

They could also violently jerk the steering wheel of the Prius at any speed — a minor problem in a parking lot at slow speed, but a potential disaster at speed on a highway.

With both cars, they could honk the horn, tighten up the seat belt — and even disable the brakes.

Andy Greenberg suddenly realised that back then, in 2013, “a car is not a simple machine of glass and steel, but a hackable network of computers”.

But Miller and Valasek wanted to be able to hack into cars remotely. They didn’t want to be confined to only physically jacking into the mechanic’s diagnostic socket built into the car.

The obvious pathway was the Uconnect System — a vehicle assist system that connected the car (a Jeep Cherokee) via its own SIM card to the mobile phone network.

Miller and Valasek found vulnerabilities.

First, they found a flaw that let them hack in over the Jeep’s WiFi hub — but that meant they had to be rolling down the same road as the Jeep, and keeping themselves within a few dozen metres.

Then they found another flaw. This meant they just had to be on the same mobile phone tower as the Jeep happened to be using. But as the Jeep rolled down the highway, it would leave the range of one mobile phone tower, and so the potential hackers would be left stranded.

And finally, they found another flaw that let them attack the Jeep via the internet. This meant they could hack in from anywhere in the world.

And so, with advance warning that he would get hacked, Andy Greenberg went for a drive in mid-2015. He had been invited to be the digital crash-test dummy for the next stage of car hacking.

He was cruising at 110 kilometres per hour near St. Louis, when suddenly the air-con started blasting out freezing air, and then it ramped up to a gale-force wind.

Next, the radio changed station, and started blasting out hip-hop at maximum volume. He tried using the volume knob on the radio, but it had no effect.

Suddenly, the windscreen wipers turned on, followed by the windscreen washers blurring his forward vision.

Then, just for fun, a live picture of Charlie Miller and Chris Valasek doing their mischief popped up on the Jeep’s digital display on the dashboard.

But Miller and Valasek could do even more — and I’ll talk about that, next time …


This blog first appeared on Dr Karl's Great Moments in Science
