A group of researches will be presenting information at a security conference on how they have successfully cracked into a vehicles computer system. Some of the disturbing accomplishments were that the researches were able to disable the cars braking system, and while the vehicle was moving, the driver had no brakes. Some of the other hacks included changing the heating and cooling system[blasting hot air at the driver], disabling the radio or blasting music at the driver and more.

In a recent report it also stated that:

“In starting this project we expected to spend significant effort reverse-engineering, with non-trivial effort to identify and exploit each subtle vulnerability,” they write in their paper. “However, we found existing automotive systems-at least those we tested-to be tremendously fragile.”

To hack the cars, they needed to learn about the Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built, starting in 2008. They developed a program called CarShark that listens in on CAN traffic as it’s sent about the onboard network, and then built ways to add their own network packets.

Step-by-step, they figured out how to take over computer-controlled car systems: the radio, instrument panel, engine, brakes, heating and air conditioning, and even the body controller system, used to pop the trunk, open windows, lock doors and toot the horn.

They developed a lot of attacks using a technique called “fuzzing” — where they simply spit a large number of random packets at a component and see what happens.

“The computer control is essential to a lot of the safety features that we depend on,” Savage said. “When you expose those same computers to an attack, you can have very surprising results, such as you put your foot down on a brake pedal and it doesn’t stop.”

This is interesting research results, but I seriously doubt this currently will pose a problem. However, some day hackers may be able to have easier access to our cars if and when more wireless features are introduced on future vehicles.

Comments welcome.

You can read the complete report in .pdf  here.

Source – PC World

Reblog this post [with Zemanta]