Sign up to our newsletter
Security researchers from the University of California at San Diego in the US have demonstrated their ability to remotely hack into a car with a ‘simple text message’.
At the 24th edition of the USENIX Security Symposium, the team showed attendees how they were able to wirelessly – via SMS – gain control over certain features of a 2013 Corvette.
Not only were they able to play around with its windscreen wipers, but they were also capable of taking control of its brakes. More worryingly, they could disable them altogether.
They were able to do this through a dongle that is traditionally plugged into an onboard diagnostics port on a vehicle to track its fuel efficiency and mileage (usually for insurance purposes).
The research team, led by Stefan Savage, a professor from the Department of Computer Science and Engineering at the University of California, said that a flaw in the design of the device meant it was susceptible to being hacked and controlled remotely.
Speaking to Wired, professor Savage said: “We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies.”
Although this particular type of hack on this particular type of vehicle is only possible at low speeds, the team nevertheless believes that with slight modifications, they can just about attack any car.
Moreover, they said that the flaw in the design of these dongles – which in this instance is a OBD2 dongle designed by the French manufacturer Mobile Devices – means other features of a car can also be controlled (including locks and even the steering wheel).
News of this comes on the back of a similar demonstration on the supposedly impenetrable Tesla Model S. With great difficulty, two security professionals showed how they could eventually take control of this vehicle.
However, even then, Kevin Mahaffey and Mark Rogers found that Tesla has measures in place to reduce the severity of a such an attack. Mr Rogers told Forbes: “Ironically that means it’s the only car that can protect itself against a successful cyberattack.”
Author Karl Thomas, ESET