Search This Blog

Thursday, July 25, 2013

Hackers hijack software in a CAR and remotely control the steering, brakes and horn using a laptop

Forget hacking accounts, computers or mobile devices - security engineers from Indiana have managed to hack the software inside the Toyota Prius and Ford Escape.

Using a laptop wirelessly connected to the car's electronics, Charlie Miller and Chris Valasek were able to remotely control the brakes, the accelerate, change the speedometer, switch the headlights on and off, tighten the seatbelts and even blast the horn.

The project was funded by a grant from the U.S Defense Advanced Research Projects Agency to highlight the security risks affecting modern-day cars.

Miller, a security engineer at Twitter, and Valasek, Director of Security Intelligence at IOActive, are due to officially announce their findings at the Def Con 21 conference in Vegas the weekend of the 1-3 August.

However, they have given Forbes journalist Andy Greenberg a preview by taking him for a test ride in their hijacked vehicle.

According to Greenberg, the majority of American car manufacturers provide a mobile or Wi-Fi network in their vehicles.

Many cars additionally come with built-in software that runs on an operating system in a similar way to phones and computers.

These include the 2010 models of the Ford Escape running the Ford SYNC software, and the Toyota Prius' Safety Connect.

By hacking this network and exploiting Bluetooth bugs this software becomes hackable and makes it possible to send remote code executions from a mobile device.

Remote code executions let people remotely control the car's features.

During his hour-long test drive, Miller and Valasek demonstrated to Greenberg they could send commands from their laptop to accelerate to high speeds before slamming the brakes on.

The pair also disabled the power steering, tricked the GPS into thinking it was in a different location, adjusted the speedometer and honk the horn -  all remotely.

The steering, for example, was hacked by exploiting the Toyota and Ford's self-parking features.
Toyota said 'it isn't impressed' with Miller and Valasek's hack and claimed its systems were robust and secure.

A Ford spokesman said they were taking the hack 'very seriously'.

Researchers from the University of Washington and the University of California, San Diego were the first to publish findings into hacking software in cars in 2010.

Valasek told Greenberg: 'Academics have shown you can get remote code execution. We showed you can do a lot of crazy things once you’re inside.'

No comments:

Post a Comment