Sunday, May 16, 2010

Successful Auto Hacking


Back in March an employee laid off by a Texas auto center sought revenge by hacking into the web based immobilization system installed in the cars. This system was for “getting the attention of consumers delinquent in their car payment.” The particular system will not stop a running vehicle but it does trigger the horn to honk continuously.

Hacking and gaining access to the main systems of a vehicle may be much more complex but a team of researchers at two universities have shown that they can “adversarially control a wide range of automotive functions and completely ignore driver input-”

The University of Washington and UC San Diego researchers say that through lab experiments and on-the-road trials with two vehicles and a program dubbed CarShark, they have demonstrated “the fragility of the underlying system structure” for modern cars that are “pervasively monitored and controlled by dozens of digital computers, coordinated via internal vehicular networks.” Bottom line, they say a typical car built in recent years has very little resilience against a digital attack on its internal components.

It would be possible, according to the paper, for an attacker to “adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.” Hackers could also cover their tracks, embedding malicious code in a car’s telematics unit that would “completely erase any evidence of its presence after a crash.”


They do stress that the attacks while successful are fairly unlikely in the real world but that it is a vulnerability that needs addressing in
As one researcher said: “what’s important is not that you have a glitch, [but] how the system responds to it.”

No comments:

Post a Comment