An investigation into supposed problems with the computerized braking systems of Toyota Prius led to some surprising results. A group of scientists reported that they were able to control cars by using the Bluetooth connections, as well as the OnStar and Sync systems installed on GM and Ford vehicles.
The “car-hacker” team includes University of Washington’s Tadayoshi Kohno and University of California’s Stefan Savage. They found out that the cellular systems installed on many new vehicles could be used to upload code via audio and take control over the vehicle’s functions, allowing them to drive and stop the car, and many other actions.
Almost all modern vehicles have diagnostics ports installed under their dashboards, a measure that was made mandatory through federal regulations. There diagnostics ports have allowed other scientists to take control of the cars equipped with them, provided the team had physical access to the system.
However, the new hacking method is totally different, because previous physical access is not required and the team was able to take control over vehicles remotely.
How Did They Do It?
The researchers have been investigating various security issues of computer systems on cars. During their investigations, they managed to control things like door locks, breaks, and the displays on the computerized dashboards. They were able to do these things on Ford cars, through Sync, and GM cars, through OnStar, as well as by using Bluetooth, and thus achieve the purpose of their study, which was to see if they could take control over cars’ computer systems without having physical access to them.
The research team used sedans that were mass produced in 2009. The cars had fewer computerized systems on board than most high-end vehicles have today. When the team attacked the car via Bluetooth, they discovered a vulnerability that allowed them to upload and execute codes that gave them control over the car’s functions. The vulnerability was discovered in Bluetooth’s implementation. The team found not-quite-legal ways to authorize a new connection between a smartphone and a car’s Bluetooth, or used a smartphone that was already connected to the car.
They also used the cellular connections that many present-day cars have for safety and assistance functions, such as emergency calls in case of a crash. They managed to take control of the car through these systems by circumventing the authentication system. To do that, they called the vehicle some 130 times, which allowed them to gain access to the system. After that things were pretty simple. Without the authentication system to stop them, the scientists uploaded a code through a 14-minute audio. They also hacked in by using the car’s media player.
Tadayoshi Kohno said that the team was extremely surprised to find so many ways in which it could breach a car’s security systems and take control over its functions. The team also looked at a variety of ill-intent scenario. In one such scenario, they showed that a car equipped with high-tech computer systems could be found out by thieves, which would also be able to know their location, by using malicious code to force the GPS signal transmissions at regular intervals, unlock them or sabotage them.
The discovery indicates that car manufacturers need to take their research a step further in order to improve the security of on-board computerized systems, because the current lack of security could lead to a wider range of threats. Some companies are already looking into the matter. Of note would be the Evita project in Europe.
Kohno said that the threat to consumers is not immediate, since a team of 10 scientists needed two years to figure out the vulnerabilities and how they could be exploited, and they added that hacking and taking control of a car’s computerized systems is not something that anyone could accomplish from the garage. Nonetheless, hackers have proven to be surprisingly resourceful in dealing with systems that were more complicated than this.
On the other hand, the team’s discoveries can also be put to good use by law enforcement agencies, which would be able to stop a perpetrator’s vehicle or even drive it to the closest police station, while the criminal is locked inside and unable to control his vehicle.