Car hacking: Here’s code, have at it

News stories about hackers successfully taking control of cars, using old Nintendo game pads, have been popping up on the Internet over the last few weeks.
The car hackers were actually two security researchers — Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive. These two white hats used a grant from the Defense Advanced Research Projects Agency (DARPA) to suss out how to hack into the network of electronic control units (ECUs) used in modern cars and see what mischief they could do once they gained access.
The cars they hacked into were a 2010 Ford Escape and a 2010 Toyota Prius.
The methods they used were unveiled last Friday at Def Con, a security conference, in Las Vegas. The two researchers also posted a 100-page technical paper here.
Obviously, Miller and Valasek didn’t do this just for the heck of it, or even for the sake of media attention.
In the tech paper, the two researchers make clear that they released “all technical information needed to reproduce and understand the issues involved including source code and a description of necessary hardware.”
Miller and Valasek also acknowledged the genesis of their work in earlier research by a team at the University of Washington. Collaborating with colleagues from the University of California-San Diego, that team put together a technical paper entitled “Comprehensive Experimental Analyses of Automotive Attack Surfaces.”
The same tech paper was quoted in EE Times’ previous story, How Hackers Can Take Control Over Your Car.
The work at Washington and Cal-San Diego was tightly circumscribed. It “was meant to only show the existence of such threats” of malicious actions that could affect the safety of automotive systems, wrote Miller and Valasek in their tech paper. “They did not release any code or tools. In fact, they did not even reveal the model of automobile they studied.”
So, the mission Miller and Valasek undertook in their latest exercise was to “expand on the idea” of the previous research and “to demonstrate how on two different vehicles that in some circumstances we are able to control the steering, braking, acceleration and display.” The two researchers are also proposing a mechanism to detect these kinds of attacks in their paper.
Hardware attached

In all fairness, in their demo, Miller and Valasek took over some of the car’s systems using a laptop computer connected to its OBD (on-board diagnostic) port, before they went out to drive it using a video-game controller.
Because they literally opened up the dashboard and physically connected the hardware (laptop) inside the car, critics like to downplay the demo by saying that it isn’t really “hacking” after all.

According to the BBC report, a spokesman for Toyota said:

 

Altered control can only be made when the device is connected. After it is disconnected, the car functions normally. We don’t consider that to be ‘hacking’ in the sense of creating unexpected behavior, because the device must be connected — i.e., the control system of the car physically altered.

This is a quibble that comes close to missing the whole point.

As the Washington/Cal-San Diego team has shown, it’s possible for code resident in some components of an automobile to control critical systems in a car. Their research also showed that such malicious code might be injected by an attacker with physical access to the vehicle, or even remotely — over Bluetooth or the telematics unit.

The difficulty for a hacker to attach hardware inside a car in the real world doesn’t mean that the threats are unrealistic.

As Miller and Valasek wrote in their paper, the point is that “If an attacker (or even a corrupted ECU) can send CAN packets, these might affect the safety of the vehicle.”

In fact, the goal of the research was to see what could be done when hackers gain access to the ECU network. It’s irrelevant whether it’s done locally or remotely; access to a single ECU provides access to the whole network, and gives the ability to inject commands, according to the two researchers.
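A CAN frame carries no sender identity, so a receiving ECU cannot tell an injected frame from a legitimate one; what a monitor can see is that injected frames arrive on top of the normal periodic traffic for that ID. The following is an added example, not code from the researchers' paper or from this article: a per-ID rate check over candump-style log lines. It assumes periodic traffic and a clean baseline capture; the IDs, periods, thresholds and log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# candump-style log line: "(timestamp) interface ID#DATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)")

def parse(lines):
    """Yield (timestamp, arbitration_id); lines that do not match are skipped."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(3), 16)

def learn_rates(frames):
    """Frames per second for each ID in a capture assumed to be clean."""
    frames = list(frames)
    times = [t for t, _ in frames]
    span = max(times) - min(times)
    return {i: n / span for i, n in Counter(i for _, i in frames).items()}

def detect(frames, baseline, window=1.0, factor=1.5):
    """Return (window_start, id, reason) for IDs that are unknown or too frequent."""
    buckets = defaultdict(Counter)
    for ts, can_id in frames:
        buckets[int(ts // window)][can_id] += 1
    alerts = []
    for w, counts in sorted(buckets.items()):
        for can_id, n in sorted(counts.items()):
            if can_id not in baseline:
                alerts.append((w * window, can_id, "unknown id"))
            elif n > factor * baseline[can_id] * window:
                alerts.append((w * window, can_id, "rate above baseline"))
    return alerts

def make_log(start_ms, seconds, periods_ms, extra=()):
    """Constructed sample traffic: periodic frames plus optional extra (ms, id) frames."""
    frames = [(t, i) for i, p in periods_ms.items()
              for t in range(start_ms, start_ms + seconds * 1000, p)] + list(extra)
    return ["(%.6f) can0 %03X#0000000000000000" % (t / 1000, i) for t, i in sorted(frames)]

PERIODS = {0x101: 100, 0x202: 20}            # constructed IDs, period in ms
CLEAN = make_log(0, 5, PERIODS)              # constructed baseline capture
INJECTED = [(11000 + 25 * k, 0x101) for k in range(40)] + [(12500, 0x3C3)]
SUSPECT = make_log(10000, 3, PERIODS, INJECTED)  # constructed capture with extra frames

if __name__ == "__main__":
    baseline = learn_rates(parse(CLEAN))
    for start, can_id, reason in detect(parse(SUSPECT), baseline):
        print(f"t={start:.0f}s id=0x{can_id:03X} {reason}")
```

A rate check of this kind only catches frames added alongside legitimate traffic; it says nothing about a compromised ECU that changes the content of frames it already sends at the normal rate.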

The two researchers concluded:

 

The hope is that by releasing this information, everyone can have an open and informed discussion about this topic. With this information, individual researchers and consumers can propose ways to make ECUs safer in the presence of a hostile CAN network as well as ways to detect and stop CAN bus attacks. This will lead to safer and resilient vehicles in the future.