Technology | DOI: 10.1145/2018396.2018403
hacking cars
Researchers have discovered important security flaws
in modern automobile systems. Will car thieves learn to pick
locks with their laptops?
Not So LonG ago, car thieves plied their trade with little more than a coat hanger and a screwdriver. New an- ti-theft technologies have
made today’s cars much harder to
steal, but the growing tangle of computer equipment under the modern
hood is creating new security risks
that carmakers are just beginning to
understand.
Ever since Toyota’s well-publicized
struggles with the computerized braking systems in its 2010 Prius hybrid
cars, automotive computer systems
have come under increasing scrutiny.
In the last few years, researchers have
identified a range of new, unexpected
security flaws that could potentially affect large numbers of new cars. Given
the specialized programming knowledge required to exploit these flaws,
however, carmakers are still trying to
gauge if these issues present a meaningful risk to ordinary drivers.
Last year, researchers Tadayoshi
Kohno of the University of Washington
and Stefan Savage of the University of
California-San Diego announced the
startling results of a two-year investigation into potential vulnerabilities in
modern automotive computer systems.
The team initially explored whether
they could compromise the onboard
computer diagnostics port, a U.S. gov-ernment-mandated feature in most
modern cars. By inserting malicious
code into the diagnostic software commonly found in auto repair shops and
plugging a computer into the car’s diagnostic port, they were able to stop
the car’s engine, lock the doors, and
disable the brakes. More recently, they
managed to remotely control a car by
means of on-board Bluetooth or cellular services, thus demonstrating that a
car could be controlled purely through
wireless mechanisms.
“Our initial goal was to conduct a
thorough, comprehensive analysis of
using an undisclosed hack, kevin finisterre
was able to monitor a police car’s video feed
in real time.
a modern automobile,” says Kohno.
“This meant we wanted to study the
brake controller, the engine control-
ler, the light controller, the telematics
unit, the media player, and so on. One
of the biggest, most labor-intensive
challenges was the sheer volume of
components within the car.”
Today’s cars often contain myriad
computer systems made by different
manufacturers, making it difficult for
any single component maker to iden-
tify every potential security exposure.
“To improve security one really de-
sires a holistic view of all the compo-
nents within the automobile,” says
Kohno, “but because of outsourced
components it’s hard for even the man-
ufacturer to have that holistic view.”
Despite the inherent difficulty of
pinpointing security exposures in com-
plex automotive systems, Kohno and
Savage’s work points to one conspicu-
ous weak link: the onboard computer
diagnostics port.
Alex Wright
“Manufacturers could take steps to
limit what someone might be able to
do if they connect to the diagnostics
port,” says Kohno. He acknowledges,
however, that the onboard port plays
a crucial role in many cars. “One key
challenge is to preserve the benefits
but minimize the risks,” he says.
Those risks seem destined to multiply as the number of network connections continues to grow, sometimes
causing security exposures to crop up
in unexpected places.
Take, for example, the humble tire.
At the University of South Carolina,
assistant professor Wenyuan Xu discovered that she could track the movement of cars by tapping into the RFID
data stored in modern tire pressure
monitoring systems from up to a distance of 40 meters.
Xu’s team explored the proprietary
communication protocols typically
used to connect tire pressure sensors
to onboard computers, and discovered that they could “listen” to the tire
pressure sensors and use them to establish a connection with the onboard
computers.
By capturing and decoding the tire
sensor signals, the team was able to
track the car’s movements. They also
established that they could send fake
signals to trick the car computer into
lighting up the low tire pressure warning light, regardless of the tire pressure. They were also able to inflict permanent damage to the tire pressure
monitoring systems.
“An increasing number of wireless systems are installed in modern
cars,” notes Xu. “Wireless networks are
known to be vulnerable to eavesdropping and packet injection.”
PhotograPh by sergeI ChumaKoV / shutterstoCK.Com
communication Breakdown
Xu’s work points to a central problem
with many modern automobiles: The
Controller Area Network (CAN), which
was originally designed to enable mi-
