Driving on the freeway, you suddenly realize that something unusual is happening in your vehicle because the automatic door locks are cycling first to unlock and then back to lock. This sequence repeats several times, quite seemingly for no apparent reason. Pretty soon, you sense the brakes have failed followed by the engine shutting down. Completely unnerved, you safely guide the car to the shoulder and call for roadside assistance.
This scenario is purely hypothetical at the present time, but researchers recently have demonstrated that it is possible to access and control many of the vehicle’s electronic systems, not by a cable connected to the diagnostics port under the dash, but wirelessly. Just last year it was reported that activating the door locks, disabling the brakes, or shutting down the engine could be readily accomplished by manipulating the systems through the diagnostics port. Of course, why hack these systems if you have to physically be in the vehicle to use the diagnostics port?
According to a recent article in the MIT Technology Review, “Taking Control of Cars From Afar” by Erica Naone, researchers at the University of Washington and the University of California utilized General Motor’s OnStar and Ford’s Sync to take charge of a number of functions in the vehicles. They also were able to exercise these functions through Bluetooth in cars equipped with this cell-phone capability.
As noted in the article, “Nowadays many cars come equipped with cellular connections that perform safety functions, such as automatically calling for help if the driver is in a crash. The researchers found that they could take control of this system by breaking through its authentication system. First, they made about 130 calls to the car to gain access, and then they uploaded code using 14 seconds of audio.”
What the researchers have accomplished opens the door for illegal activity by hackers. As reported in the article, “The team analyzed possible attack scenarios as well. For example, they showed that high-tech car thieves could search for desired models of cars, identify their locations, and unlock them, all without any forced entry. They could conduct malicious surveillance, such as forcing a car to send out its GPS location at regular intervals.”
The relative ease of access the researchers were able to achieve points out the vulnerability of many of the electronic systems in today’s cars. Car jacking or, worse yet, some vehicular control while the car is in motion, could have dire consequences for the driving public. Consider what might happen on a freeway during rush hour when malicious hackers are able to control the electronic systems within multiple cars.
Car manufacturers must be extremely vigilant in making sure their electronic systems cannot be readily hacked. The ease with which the researchers were able to access and then manipulate the on-board computers on cars from different vendors is warning enough for auto makers to step up the implementation of extra protection measures. No one wants to experience the sudden loss of control or erratic vehicular behavior while cruising down the interstate.
Paul Milo
Editorial Director
[email protected]