Skip to: [ search ] [ menus ] [ content ] Select style [ Aqua ] [ Citrus ] [ Fire ] [ Orange ] [ show/hide more content ]

“Let’s talk about your car….”

– Ralph Spoilsport Motors, Firesign Theater (1), “How Can You Be in Two Places at Once, When You’re Not Anywhere at All?

And, let’s talk about HACKING your car…!

That’s right! HACKING your CAR…! :-)

I admit it.

The first time that I saw a TV commercial that Microsoft’s “Sync” technology was included with Ford automobiles, I wondered if it would cost me MORE to order an automobile WITHOUT it! :-) But it’s not just Ford and Microsoft…. And it’s not just entertainment and navigation systems…. A variety of automobile manufacturers include complex software and hardware systems in their vehicles.

Today, Elinor Mills has a column that talks about researchers from two universities – the University of Washington and the University of California, San Diego (UCSD), who will present a paper (you can download the PDF) at the IEEE Symposium on Security and Privacy in Oakland, California, on Wednesday.

According to the abstract of the paper:

“We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car’s two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash.”

Well, well, well…. That should help professional assassins (and intelligence agencies) a good deal. :-) Especially on winding roads in mountains and on the coast. There may be more important people in “auto accidents” in our news in the future!

Elinor Mills of CNET interviewed Stefan Savage of UCSD and Tadayoshi Kohno of the University of Washington about the tests, and what the findings mean. I will touch on a few highlights, but read the article.

As the above portion of the paper’s abstract indicates, the researchers could:

“… lock the brakes, the engine, and windows on a car; turn on the radio, heat, and windshield wipers; honk the horn; and change the speedometer display.”

In the interview, UCSD’s Savage states:

“If you look at PCs in the early 1990s, they had all kinds of latent software vulnerabilities. It didn’t matter so much because PCs were at home and not connected to everything else. Then they were connected to the Internet and the latent vulnerabilities were exposed to outside attack. We see cars moving in much the same direction. There is a strong trend to provide pervasive connectivity in cars going forward. It would be good to start working on hardening these systems and providing defenses before it becomes a real problem.”

Kohno mentions a software tool that they wrote called “CarShark” that runs on a computer that plugs into the On-Board Diagnostics II port, and it can sniff and inject packets on the network. Savage mentions that they are not RELEASING the software.

Savage dodges Elinor’s question about compromising a car REMOTELY, and said they have “…talked with the appropriate parties, which we can’t name.” :-)

I have not made it all the way through the original paper yet, but it should make FASCINATING reading.

-Bill at

Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”

You can view higher-resolution photos (*generally* 7-30 megabytes, compressed) at the Cheshire Cat Photo™ Pro Gallery on Shutterfly™, where you can also order prints and gifts decorated with the photos of your choice from the gallery. Apparel and other gifts decorated with some of our most popular photos can be ordered from the Cheshire Cat Photo™ Store on CafePress®. Both Shutterfly™ and CafePress® ship to most international locations worldwide! Framed prints and prints on canvas can be ordered from our galleries on imagekind® and redbubble®. All four locations are accessible from here. Be a “Facebook Fan” of Cheshire Cat Photo here! If you don’t see what you want or would like to receive an email when new photos are up on the site, send us an email at info@cheshirecatphoto.com.

©2010 William F. Hackett. All Rights Reserved.

No Comments to ““Let’s talk about your car….””

  (RSS feed for these comments)

You must be logged in to post a comment.

InspectorWordpress has prevented 52153 attacks.
Get Adobe Flash player