DETROIT (AP) — As cars become more like PCs on wheels, what’s to stop a hacker from taking over yours?
In recent demonstrations, hackers have shown they can slam a car’s brakes at freeway speeds, jerk the steering wheel and even shut down the engine — all from their laptop computers.
The hackers are publicizing their work to reveal vulnerabilities present in a growing number of car computers. All cars and trucks contain anywhere from 20 to 70 computers. They control everything from the brakes to acceleration to the windows, and are connected to an internal network. A few hackers have recently managed to find their way into these intricate networks.
In one case, a pair of hackers manipulated two cars by plugging a laptop into a port beneath the dashboard where mechanics connect their computers to search for problems. Scarier yet, another group took control of a car’s computers through cellular telephone and Bluetooth connections, the compact disc player and even the tire pressure monitoring system.
To be sure, the “hackers” involved were well-intentioned computer security experts, and it took both groups months to break into the computers. And there have been no real-world cases of a hacker remotely taking over a car. But experts say high-tech hijackings will get easier as automakers give them full Internet access and add computer-controlled safety devices that take over driving duties, such as braking or steering, in emergencies. Another possibility: A tech-savvy thief could unlock the doors and drive off with your vehicle.
“The more technology they add to the vehicle, the more opportunities there are for that to be abused for nefarious purposes,” says Rich Mogull, CEO of Phoenix-based Securosis, a security research firm. “Anything with a computer chip in it is vulnerable, history keeps showing us.”
In the last 25 years, automakers have gradually computerized functions such as steering, braking, accelerating and shifting. Electronic gas pedal position sensors, for instance, are more reliable than the old throttle cables. Electronic parts also reduce weight and help cars use less gasoline.
The networks of little computers inside today’s cars are fertile ground for hackers.
Charlie Miller, a St. Louis-based security engineer for Twitter, and fellow hacker Chris Valasek, director of intelligence at a Pittsburgh computer security consulting firm, maneuvered their way into the computer systems of a 2010 Toyota Prius and 2010 Ford Escape through a port used by mechanics.
“We could control steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, gas gauge,” said Valasek. The two used a federal grant to expose the vulnerability of car computers. Even with their expertise, it took them nine months to get in.
Valasek and Miller released a report, including instructions on how to break into the cars’ networks, at a hacker convention in August. They said they did so to draw attention to the problems and get automakers to fix them. The pair say automakers haven’t added security to the ports.
Ford wouldn’t comment other than a statement saying it takes security seriously, and that Miller and Valasek needed physical access to the cars to hack in.
Toyota said it has added security and continually tests it to stay ahead of hackers. The company said its computers are programmed to recognize rogue commands and reject them.
Two years ago, researchers at the University of Washington and University of California, San Diego did more extensive work, hacking their way into a 2009 midsize car through its cellular, Bluetooth and other wireless connections — even the CD player.
Stefan Savage, a UCSD computer science professor, said he and other researchers could control nearly everything but the car’s steering. “We could have turned the brakes off. We could have killed the engine. We could have engaged the brakes,” he said.
Savage wouldn’t identify which manufacturer made the car they hacked into. But two people with knowledge of the work said the car was from General Motors and the researchers compromised the OnStar safety system, best known for using cellular technology to check on customers and call for help in a crash. The people didn’t want to be identified because they were not authorized to speak publicly on the matter.
GM wouldn’t comment on the research, but the company issued a statement saying it takes security seriously and is putting strategies in place to reduce risk.
One of the people said GM engineers initially dismissed the researchers’ work, but after reading the report, quickly moved to close holes that allowed access to the car’s computers.
Savage doesn’t think common criminals will be able to electronically seize control of cars anytime soon. Currently it would take too much time, expertise, money and hard work to hack into the multitude of computer systems.
“You’re talking about a rarefied group who has the resources and wherewithal,” he said.
Instead, he believes basic theft is a more likely consequence of computerization, with criminals being able to unlock doors remotely and then start and drive the car by hacking through the diagnostic port. Remote door unlocking could also lead to theft of packages, phones and other items that are stored in a car.
http://news.yahoo.com/hackers-weaknesses-car-computer-systems-134038212.html
Most of the people who own modern cars have found weaknesses in the computer systems shortly after buying the things.
“And there have been no real-world cases of a hacker remotely taking over a car.”
I guess they forgot about Michael Hastings.
I recently purchased a 2013 Honda Accord which has a shitload of electronics and that bluetooth crap in it that annoyed me to no end. I asked the salesman if I could get rid of most of it and pay a cheaper price. He said they don’t customize anymore and that it is all standardized because it is too difficult for them to do since nothing is made here anymore. So basically, they have no customer service, sold their souls and factories to China, Canada and Mexico and WE THE PEOPLE are forced to either take and drive a car with computers in it or not drive at all.
He was quick to tell me about all of the glorious computer features in it and how I need not have to worry about controlling the steering wheel as it was all electronically controlled if anything happens. I then told him about hackers hacking into cars and taking them over and told him that I enjoy driving a car that I can control and not one that can control me.
After that, he played dumb by saying, “Really? I haven’t heard about that. Hmmm…” Yea right. You’d have to be living under a rock not to realize that.
He even tried to get me to buy a car with a push-button ignition and no key. Gee…why don’t I just hand control of my car over to the government hackers right now. I mean who in their right mind would buy a car with a computerized ignition? Why aren’t people bitching about this? Oh yea, that’s right, the sheeple see all of these glorious computer, high-tech, fancy displays and think it makes them look good in front of their friends. It won’t make them look any good after they are dead because some hacker took control and crashed it into a tree while you were in it. Dumbass!
I then went to another Honda dealer and after I mentioned the hacking, the one salesman told me that he actually worked in networking and security and understands the vulnerabilities of having a computer take control of your car and practically agreed with me, but said that unfortunately that’s the way the world is going these days.
If you want to see a movie that proves my point, watch “Fast and Furious 6”. After their cars get hacked/short circuited by the bad guys, they decide to go back and buy some older cars with no computerized function in it. It’s one part of the story that I highly agree with and hopefully more people will realize that.
So it looks like the elite and our government are forcing us to drive cars that they can control and are slowly phasing out non-computerized cars. Not that that’s anything new to anyone. Must be that social progressive reform, (the “Move forward, don’t look back” kinda philosophy) that Obama is always talking about.
Anyways, that’s basically the real reason why I posted this article, because it goes along with my thoughts and recent experience with buying a new car these days.
As I always say, there are some things computerized aren’t meant for and phone systems and cars are just some of them. This dependence on computers has gotta stop as it is making us and our children stupid and will eventually be our downfall. Have we learned nothing from movies like “Terminator” and “The Net” or even “Idiocracy”?
Bought a used copy of Idiocracy about a month ago. Didn’t much care for it.
On the other hand, Wag the Dog was outstanding. (bought a used copy of that a couple weeks before that).
So that means the prezs limo can be hacked? lol
As an electronics professional(own an electronics repair shop and was electronic counter measures in the navy) I can tell you that if a car can be hacked it can be hacked remotely. And by that I mean miles away. If the devise has any form of wireless function it can be hacked doubly so. you just need to want to real bad. The hard part is single point remote access. If two prius’ are driving side by side they will both be hacked at the same time.
It should be said that I have an old ford manual trans truck. The first modern car i owned did not have keyless entry but I was able to unlock it from about 500ft away with only a 9v bat and a little know how. I soon got rid of the car and I love my old farm truck.
It would be fairly easy to steer the car off a road into a tree you just apply the brakes on one side.