In a recent development, security engineers from Indiana have hacked into the software of the 2010 models of both the Toyota Prius and the Ford Escape using laptops which were connected to the cars’ electronic systems. This development came about as a result of funding by a grant from the U.S Defense Advanced Research Projects Agency (DARPA) aimed at highlighting and eliminating security risks which affect modern cars.
The team of Charlie Miller, a security engineer at Twitter, and Chris Valasek, the director of security intelligence at the Seattle consultancy IOActive, was able to send commands in order to carry out the following actions:
- Blow the horn
- Accelerate and brake
- Switch the headlights on or off
- Tighten seatbelts
- Disable the power steering system
- Alter readings displayed by the speedometer and petrol gauge
- Drain the battery by stopping the car from powering down
- Alter GPS readings
- Control the steering at any speed
Forbes journalist Andy Greenberg was able to experience the exploits of Miller and Valasek first hand in their test Ford Escape and noted that the actions were carried out via a laptop connected to a data port near the parking brake.
Ford was reported as saying that they took the hack very seriously while Toyota were less impressed with their safety manger John Hanson, arguing that the hack required a physical data connection and was not executed wirelessly. However, Miller and Valasek point out that wirelessly gaining access to a vehicles critical systems has been achieved before by researchers at the University of Washington and the University of California, San Diego while experimenting on an unknown test vehicle. Furthermore, Greenberg noted that the majority of American car manufacturers utilize either a cellular service or Wi-fi network in their vehicles.
It is true that Miller and Valasek’s hack was not carried out wirelessly but there is strong evidence to suggest that all of the actions they carried out with a wired connection could be carried out wirelessly… if a car has wireless connections, of course. This is a serious cause for concern as you could imagine how dangerous it would be to have your steering yanked while driving in traffic. The duo plan to present their findings at Defcon — a well known hacker’s conference — next month in Las Vegas.
Hopefully their work will put some pressure on the auto industry to fix the potentially catastrophic weaknesses in their vehicles’ software. With more and more technology and computers being integrated into the design of vehicles, the risks of security breaches are mounting even though it is an area which has not received a great deal of exposure. Even if the possibility of attacks like those carried out by Miller and Valasek are far off into the future their findings definitely give us some food for thought.
Take a look at the two security engineers in action from the video below.