May 282010

Hacking Car Computer Systems

The alarming number of safety recalls appearing in headlines of late is worrying enough.

Now researchers have shown that it’s possible to take away driver control of a moving vehicle by remotely hacking into relatively insecure computer systems common in modern automobiles. The team managed to break into key vehicle systems to kill the engine, apply or disable the brakes and even send cheeky messages to radio or dashboard displays.

Many of the safety, efficiency and performance improvements seen in today’s automobiles have been achieved with the help of the numerous computerized systems monitoring and controlling various aspects of what makes up a modern car. According to an article in IEEE Spectrum last year, an “S-class Mercedes-Benz requires over 20 million lines of code alone” and “contains nearly as many ECUs as the new Airbus A380 (excluding the plane’s in-flight entertainment system).” The author notes that cars will soon “require 200 million to 300 million lines of software code.”

The search for security holes

With the vast majority of registered cars in the U.S. having key components controlled by computer technology and completely autonomous vehicles currently in development, a couple of research teams from the Computer Science and Engineering departments of the University of Washington and the University of California San Diego decided to fill a gap in automotive security research and look at whether such systems were vulnerable to the kind of attacks which have plagued Internet-connected computers for years.

Coming together as the Center for Automotive Embedded Systems Security, the Washington team led by Professor Tadayoshi Kohno and the San Diego team led by Professor Stefan Savage first bought a couple of 2009 test cars containing “a large number of electronically-controlled components and a sophisticated telematics system.”

Direct access to internal systems was achieved by connecting a laptop to the on-board diagnostics port, which is now mandatory in the United States and “provides direct and standard access to internal automotive networks.” Attached to these networks are all sorts of sensors, diagnostics and wireless systems – many of which can be directly upgraded by a user – which could be used to attack or control automotive subsystems.

Reblog this post [with Zemanta]

Other Interesting Posts

Leave a Reply

%d bloggers like this: