It was once said that by English playwright William Congreve “music has charms to soothe a savage breast, to soften rocks, or bend a knotted oak.” As per the latest research, music actually lets hackers break into your car.
Researchers at UaC & University of Washington have spent years trying to fin security flaws in modern cars which are controlled via mini-computer systems and so far they have identified a bunch of security flaws in cars.
The most interesting attacks were triggered via car’s Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops.
The one that interested us was on the Car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this song could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on P2P file-sharing networks without arousing suspicion.
“It’s hard to think of something more innocuous than a song,” said Stefan Savage, a professor at the University of California.
The same team had achieved wide Car hacks in experiments in which they were able to kill the engine, lock the doors, turn off the brakes and falsify speedometer readings on a late-model car of 2009. In that experiment, they had to plug a laptop into the car’s internal diagnostic system in order to install their malicious code. In 2010, team also hacked Cars from wireless tyre sensors.
But the latest research, is about remotely controlling cars. The attacks over Bluetooth, the cellular network, malicious music files and via the diagnostic tools used in dealerships were all possible, if difficult to pull off, Savage said. “The easiest way remains what we did in our first paper: Plug into the car and do it,” he said.
Car Hacking: Possibilities & Future
Now, thieves could instruct cars to unlock their doors and report their GPS coordinates and Vehicle Identification Numbers to a central server. “An enterprising thief might stop stealing cars himself, and instead sell his capabilities as a service to other thieves,” Savage said. A thief looking for certain kinds of cars in a given area could ask to have them identified and unlocked, he said.
With the high technical barrier to entry, the researchers believe that hacker attacks on cars will be very difficult to pull off, but they say they want to make the auto industry aware of potential problems before they become pervasive.
Another problem for would-be car thieves is the fact that there are significant differences among the electronic control units in cars. Even though an attack might work on one year and model of vehicle, it’s unlikely to work on another. ”
So far, carmakers have been very receptive to the university researchers’ work and appear to be taking the security issues they’ve raised very seriously.