The researchers declined to speculate about the worse situations, such as interfering with a vehicle’s control system to make it crash. “They can be accessed over arbitrary distance (due to the wide coverage of cellular data infrastructure) in a largely anonymous fashion, typically have relatively high bandwidth, are two-way channels (supporting interactive control and data exfiltration), and are individually addressable.”
“These cellular channels offer many advantages for attackers,” the report said. This allowed them to send commands to the car’s electronic control unit the nerve center of a vehicle’s electronics system which in turn made it possible to override various vehicle controls. In their remote experiment, the researchers were able to undermine the security protecting the cellular phone in the vehicle they bought and then insert malicious software. These subscription services make it possible to track a car’s location, unlock doors remotely and control other functions. “In the case of every major manufacturer, if they do not have this capacity in their mainstream products, they’re about to,” said Tadayoshi Kohno, an assistant professor in the department of computer science and engineering at the University of Washington.įor example, services like General Motors’ OnStar system, Toyota’s Safety Connect, Lexus’s Enform, Ford’s Sync, BMW’s Assist and Mercedes Benz’s Mbrace all use a cellular connection embedded in the vehicle to provide a variety of automated and call center support services to a driver. (They declined to identify the brand, saying that advanced telematics are rapidly becoming commonplace within the automotive industry.) Their latest study was the first time that independent computer security researchers have tried to show how potential attackers could hack into a car from a remote location.Īs in their first experiment, the research teams bought a car they described as a representative example of a moderately priced sedan. That project tried to show that the internal networks used to control systems in today’s cars are not secure in the face of a potential attacker who has physical access to the vehicle. The new report is a follow-on to similar research these experts conducted last year, which showed that cars were increasingly indistinguishable from Internet-connected computers in terms of vulnerability to outside intrusion and control. Computer security researchers have long argued that wholesale computerization and Internet connectivity of complex systems present new risks that are frequently exploited first by vandals with malicious intent.
The car security study is one of a growing array of safety concerns that are emerging as the Internet comes in contact with almost every aspect of daily life, be it through financial systems or industrial controls.
Given that the researchers were able to do it, they are now trying to pinpoint just how hard it might be for others, he said. “This report explores how hard it is to compromise a car’s computers without having any direct physical access to the car,” said Stefan Savage of the University of California, San Diego, who is one of the leaders of the research effort.
They described a range of potential compromises of car security and safety.
Project cars go hack Bluetooth#
Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place.īecause many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features like the car locks and brakes as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data, the researchers said. With a modest amount of expertise, computer hackers could gain remote access to someone’s car just as they do to people’s personal computers and take over the vehicle’s basic functions, including control of its engine, according to a report by computer scientists from the University of California, San Diego and the University of Washington.Īlthough no such takeovers have been reported in the real world, the scientists were able to do exactly this in an experiment conducted on a car they bought for the purpose of trying to hack it.
0 kommentar(er)
