Recent articles in the science & technology media report the ability to hack into a cars system in the same way computers have been hacked for years.
- Is this something each car owner should be worried about?
- it is something imminent or way off in the future?
- Technology’s security shortcomings are often exposed after they have been used for malicious purposes – will this be true for the computer systems which live inside all our vehicles today?
Scientists have already hacked into a car using its own onboard diagnostic port—but it’s relatively easy to get into a car’s electronic brain if you’re already inside the car. Now, however, researchers have have gained access to modern, electronics-laden cars from the outside. And they managed to take control of the car’s door locks, dashboard displays, and even its brakes.
The findings, which were presented to the National Academy of Science’s Committee on Electronic Vehicle Controls and Unintended Acceleration, weren’t entirely intentional, as the work was prompted by an investigation into Toyota’s accelerator problems, and was meant to probe the safety of electronic automotive systems. The testing also uncovered some security flaws.
How They Did It
The researchers took an un-named 2009 sedan and methodically tried to hack into it using every trick they could think of – and came up with two good methods of hacking into the car’s systems ‘remotely’:
- Hacked mp3: By adding extra malicious code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car. Researchers stated that this type of attack could be spread on file-sharing networks without arousing suspicion
- Cellular Services: Built-in cellular services that provide safety and navigational assistance, like GM’s OnStar, can also be used to upload malicious code. The researchers found that they could take control of this system by breaking through its authentication system. First, they made about 130 calls to the car to gain access, and then they uploaded code using 14 seconds of audio.
In the wrong hands, the ability to break-in to a vehicle’s management systems could certainly be harmful; once access is made, a hacker could do anything from sabotage brakes to monitor car movements (by forcing the car to send GPS signals).
At the moment, engineers stress that the “wrong” hands wouldn’t have the know-how to undertake these complicated procedures— stating that the vulnerabilites took 10 researchers two years to expose and utilise.
However, as with all vulnerabilites and loopholes, once people are aware of them, there may be no shortage of maliciously-minded people who will turn their attention to repeating the steps now that the groundwork has been done.