Two researchers are to demonstrate a “hack” that allows control over automobile systems including brakes and steering in models by Ford and Toyota – overriding the commands sent by the driver.
The “hack” can’t be used to “remote control” a vehicle, but Charlie Miller and Chris Valasek claim that their software can override the Electronic Control Units (ECUs) in a Toyota Prius and Ford Escape, by plugging a MacBook into a diagnostics port used by mechanics.
“‘Imagine you’re driving down a highway at 80 ,’ Mr Valasek said in an interview with Forbes. ‘“You’re going into the car next to you or into oncoming traffic. That’s going to be bad times.”
The researchers stress that they have not created a mechanism for remote attacks, and say that their research aims to raise awareness of vulnerabilities in these systems.
“At the moment there are people who are in the know, there are nay-sayers who don’t believe it’s important, and there are others saying it’s common knowledge but right now there’s not much data out there,” said Mr Miller, in an interview with the BBC. “We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars.”
The hack will be shown off at DefCon 21 on Friday, August 2, in a presentation entitled “Adventures in Automotive Networks and Control Units”
“These types of message are usually used by mechanics to diagnose problems within the automotive network, sensors, and actuators. Although meant for maintenance, we’ll show how some of these messages can be used to physically control the automobile under certain conditions.,” says Valasek.
“So there you have it. While we are NOT covering any remote attack vectors/exploits, we will be releasing documentation, code, tools, sample traffic from each vehicle, and more. At the very least you will be able to recreate our results, and with a little work should be able to start hacking your own car!”
Author Rob Waugh, We Live Security