Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search


(14,923 posts)
Tue Jun 25, 2013, 03:10 PM Jun 2013


Could Michael Hasting's car crash have been caused by a remote attack? Technically, yes

Conspiracy theories about the cause of the car crash that killed investigative reporter Michael Hastings on June 18 started sprouting immediately after the news of his death broke. So far, no conclusive evidence supports foul play, but on Monday, counter-terrorism expert Richard Clarke made news when he told the Huffington Post that the circumstances of Hasting’s car chase were “consistent with a car cyber attack.” While hastening to state that he was not saying he believed the crash was a purposeful attack, Clarke did observe, reported the Huffington Post, that “‘There is reason to believe that intelligence agencies for major powers’” — including the United States — know how to remotely seize control of a car.”

Clarke served during both Bush presidencies and under Bill Clinton, so presumably he wasn’t speaking completely off the cuff. But just what is a “car cyber attack”? The answer can be found in two alarming papers by researchers at the University of Washington and the University of California, San Diego, “Experimental Security Analysis of a Modern Vehicle,” and Comprehensive Experimental Analyses of Automotive Attack Surfaces. Taken together, the papers make for scary reading. In the first the researchers demonstrate that it is a relatively trivial exercise to access the computer systems of a modern car and take control away from the driver. The second demonstrates that such mayhem can be achieved remotely, via a variety of methods. The inescapable conclusion: The modern car is a security disaster.

Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled bydozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks… We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.

We have endeavored to comprehensively assess how much resilience a conventional automobile has against a digital attack mounted against its internal components. Our findings suggest that, unfortunately, the answer is “little.” The researchers’ findings are not theoretical. They were able to attack a 2009 model sedan and render its brakes ineffective while a test driver was operating the car. The computerization of the modern car has been aggressively evolving for decades. (Ironically, the researchers credit California’s clean air laws in the 1970s with providing the first incentive for moving car engines into the digital era.) But it might come as a surprise to the average person just how interconnected and accessible today’s high tech cars are. “Such [computer] systems have been integrated into virtually every aspect of a car’s functioning and diagnostics, including the throttle, transmission, brakes, passenger climate and lighting controls, external lights..”


2 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
HACKING A CAR Is Way Too Easy (Original Post) Segami Jun 2013 OP
Both papers cited state the car must be physically breached to hack REP Jun 2013 #1
Hacking brakes, engines and more! -- proof of concept for auto security nashville_brook Jun 2013 #2


(21,691 posts)
1. Both papers cited state the car must be physically breached to hack
Tue Jun 25, 2013, 03:19 PM
Jun 2013

A device must be physically connected to 'hack' a car; either that device must be left in place or left long enough to transfer malicious code - that could theoretically disrupt the ABS or anti-slip program (I can disable that myself with a switch on my car, oh the horror). We are not at risk from being remotely hacked from the skies.

Learn how your car works. RTFM, FFS.


(20,958 posts)
2. Hacking brakes, engines and more! -- proof of concept for auto security
Tue Jun 25, 2013, 03:36 PM
Jun 2013

Proof-of-Concept CarShark Software Hacks Car Computers, Shutting Down Brakes, Engines, and More

Using homemade software and a standard computer port, a team of scientists has figured out exactly how easy it is to hack into a modern car -- scary news for motorists already wary of faulty brake and accelerator systems.
The research team wrote code that allows them to turn off the brakes in a moving car, change the speedometer reading, blast hot air or music on the radio, and lock passengers inside the car, PCWorld reports.

The team, led by Stefan Savage, an associate professor with the University of California-San Diego, and Tadayoshi Kohno of the University of Washington, will report on their findings in
a paper to be presented at a security conference next week.

While hacking modern-day autos is nothing new, the team's work is meant to encourage the auto industry to highlight security as it develops new computer systems. As the researchers note, many computer systems were designed to increase security -- think anti-lock brakes.

"It is not clear whether vehicle manufacturers have anticipated in their designs the
possibility of an adversary," the paper says.
Latest Discussions»General Discussion»HACKING A CAR Is Way Too ...