Hackers Hack Cars Remotely, disable Engines, brakes

car pwnedHow far can softwares hackers reach? Perhaps, everywhere where software reaches? In a world where a complete PC can be hacked with a USB stick, everything appears possible.

In a paper[ by autosec], the security researchers claim that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some Really nasty things, such as turning off the brakes, changing the speedometer reading, wishfully blowing hot air or music on the radio, and even locking passengers in the car.

Earlier, same hackers hacked into a test car’s braking system and prevented the test driver from applying brakes. Additionally, they were able to kill the engine, falsify the speedometer reading, and automatically lock the car’s brakes unevenly. The test was done by attaching a laptop into the car’s diagnostic system and then controlling that computer wirelessly, from a laptop in a vehicle driving in close vicinity of the car. However, if this laptop had been on 3G, possibilities of remote control/hacking were endless.

Stefan Savage, an associate professor with the UoC, describes the real-world risk of any of the attacks they’ve worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim’s car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow’s cars, they see some serious areas for concern.

Obviously, if there’s no action taken on the part of all the relevant stakeholders, then I think there might be a reason to be concerned.Researchers found existing automotive systems to be tremendously vulnerable to easy hacks.

The Car hacking is all cooked with Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built (2008 onwards). The concept is simple: they developed a sniffer called CarShark that listens in on CAN traffic as it’s sent about the onboard network, and then inject their own packets. By learning the complete protocol of the car’s controls, its not hard to control almost anything from radio to popping car’s trunk.

A lot of it is done with Brute-force too: The specific jargon is called “fuzzing” — where they simply bombard a large number of random packets at a component and analyze the response.

In addition, the researchers found that they could change the firmware on some systems without any sort of authentication. In another attack called “Self-destruct”  a 60 second countdown is shown on the driver’s dashboard with  clicks, when the time hits zero, the car’s engine is killed and the doors are locked. To give you an idea of how simple it is, it was done with less than 200 lines of code — and  most of it devoted to keeping time during the countdown.

This clearly shows how vulnerable these softwares are. Car manufacturers are introducing some great features into modern cars though, falling back on security. These manufacturers should start worrying about security more than anything else or in future someone else might take over control, while you are on the way.

Update: Hackers Hack Car with Music

[via nww]

We write about GoogleTwitter, SecurityOpen SourceProgrammingWebAppleiPhone,Android and latest in Tech @taranfx on Twitter or by subscribing below:

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Filed in: Security Tags: , , ,

Related Posts

Bookmark and Promote!

  • cool, enjoyed this post,. there is no field where hackers cannot reach. if there is a bad will there is a way. cheers!!!!!

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • This is prety scary stuff that hackers can do .

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Extremely interesting article! Its seems the last thing you want to do is piss off a hacker!

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
© 2016 Geeknizer. All rights reserved. XHTML / CSS Valid.
Designed by taranfx.