Researchers Hack Car Systems

By Alice Straight, TMCnet Web Editor

A paper  set to be presented at a security conference in Oakland, Calif. next week, reveals that two researchers found that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car.

In a late 2009 demonstration at a decommissioned airfield in Blaine, Wash., the team of university researchers hacked into a test car's electronic braking system and prevented a test driver from braking a moving car -- no matter how hard he pressed on the brakes. In other tests, they were able to kill the engine, falsify the speedometer reading, and automatically lock the car's brakes unevenly, a maneuver that could destabilize the car traveling high speeds. They ran their test by plugging a laptop into the car's diagnostic system and then controlling that computer wirelessly, from a laptop in a vehicle riding next to the car.

While the researchers declined to name the cars they were able to hack, they found the process relatively simple.

To hack the cars, they needed to learn about the Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built, starting in 2008. They developed a program called CarShark that listens in on CAN traffic as it's sent about the onboard network, and then built ways to add their own network packets.

They took over the  computer-controlled car systems: the radio, instrument panel, engine, brakes, heating and air conditioning, and even the body controller system, used to pop the trunk, open windows, lock doors and toot the horn.

Many of the attacks were developed  using a technique called 'fuzzing' - where a large number of random packets are thrown at a component and see what happens. And in another discovery the researchers found that they could change the firmware on some systems without any sort of authentication.

In one attack that the researchers call 'Self-destruct' they launch a 60 second countdown on the driver's dashboard that's accompanied by a clicking noise, and then finally warning honks in the final seconds. As the time hits zero, the car's engine is killed and the doors are locked. This attack takes less than 200 lines of code -- most of it devoted to keeping time during the countdown.

(source: http://it.tmcnet.com/topics/it/articles/85269-researchers-hack-car-systems.htm)