Patterico's Pontifications


Can Government Hackers Control Your Car Wirelessly?

Filed under: General — Patterico @ 7:55 am

This story is a few days old, but I still want to write about it because it’s important.

The video at the bottom of this post is a must-watch video. It shows two hackers with a DARPA grant controlling functions of a car from the backseat, using a Macbook. From Forbes:

Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV’s chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat.

Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day’s experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn’t so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.)

“Okay, now your brakes work again,” Miller says, tapping on a beat-up MacBook connected by a cable to an inconspicuous data port near the parking brake. I reverse out of the weeds and warily bring the car to a stop. “When you lose faith that a car will do what you tell it to do,” he adds after we jump out of the SUV, “it really changes your whole view of how the thing works.”

The best part? This can, in theory, be done wirelessly.

The need for scrutiny is growing as cars are increasingly automated and connected to the Internet, and the problem goes well beyond Toyota and Ford. Practically every American carmaker now offers a cellular service or Wi-Fi network like General Motors’ OnStar, Toyota’s Safety Connect and Ford’s SYNC. Mobile-industry trade group the GSMA estimates revenue from wireless devices in cars at $2.5 billion today and projects that number will grow tenfold by 2025. Without better security it’s all potentially vulnerable, and automakers are remaining mum or downplaying the issue.

We’re getting to the point where all someone needs to do is hit a button on his keyboard that says “smite.”

In unrelated news, journalist Michael Hastings was killed recently in a fiery car wreck in Los Angeles, while reportedly working on a big story involving top government figures.

Cue Twilight Zone music; exeunt alles.

Here’s the video:

23 Responses to “Can Government Hackers Control Your Car Wirelessly?”

  1. Old news. This was done years ago, wirelessly. The hacks are very specific for models, years, and sometimes, specific computer code versions.

    Scary, yes; new, no.

    Neal (926897)

  2. Since this can be done, shouldn’t Hastings crash be investigated from this angle? It’s absolutely possible that he was joy riding and crashed. But it seems to also be possible that someone wanted him dead.

    Ghost (996b5a)

  3. Neal, years ago we had some reason to believe that the FBI, DOJ, etc., were working to uphold the rule of law and individual rights. Notice also that the work was funded by DARPA. Got a feeling that the grant is about to be withdrawn, hopefully without prejudice. Transparency, as in displaying this technology, is a campaign slogan not a policy of our regime.

    Other news, Kokesh is being held without bail pending his hearing in the second week of August for displaying a loaded shotgun in Washington, D. C. on July 4th. Political theatre in support of the 2nd Amendment is apparently sufficient reason to be judged “a very dangerous man”. No need for trials and juries when dealing with such dangerous characters, look for procedural delays, judges with neck braces and the like. Or perhaps until some acccident within the jail eliminates the need to have the hearing at all.

    Breaking news, trial of the Fort Hood shooter may actually start within a week or two … just three years and nine months after the event.

    bobathome (c0c2b5)

  4. I am wondering, how is this safe?

    If this is safe then surely controlling something that runs on rails is safe, but I don’t know of any fully automated train. What abouyt obstuctions? What if there is a derailment that is not supposed to happen? What if something falls down oin teh tracks?

    There was once a science fiction story that took place in a world where all cars ran along rails.

    Sammy Finkelman (d22d64)

  5. My practice of driving 15 year old 4×4 trucks is looking smarter by the day.

    SPQR (768505)

  6. Note that they had to physically install receivers into the computer systems for the prius in order to execute these commands. That means that hackers would have to access your vehicle undetected in order to perform these functions.

    For black hats intent on killing you and making it look like an accident, there are easier ways to do things than tearing the dash panels off your vehicle, installing remote-access hardware (that could be discovered in a post-accident reconstruction) and then driving you into a wall. If you want to go all Bond villain on someone, just drug their drink and push them off a boat.

    I’m not saying it’s not a concern what the video shows, but there are a number of problems with incorporating it into a live hack.

    Hadlowe (33cc56)

  7. Simple answer: all network connections MUST originate from inside the car. The button must be pushed to connect, and pushing it again severs all network connections.

    mojo (8096f2)

  8. I’m with you SPQR, I keep some old “analog” vehicles about just for this reason.

    askeptic (b8ab92)

  9. 6- Once all vehicles are OEM with emergency avoidance and traffic speed controls, you can bet that a back-door will be included for outside remote access.

    askeptic (b8ab92)

  10. Hastings was killed in a one car accident that look like it came from hollywood.

    G (f85a02)

  11. askeptic, I figure that the “CHECK ENGINE” light is how I know that the NSA hasn’t installed a new computer chip in the engine compartment…

    SPQR (768505)

  12. SPQR….
    Most ECU’s are located in the passenger cell, where they aren’t subject to the heat of the engine.

    askeptic (b8ab92)

  13. Old, yes but relevant now that the gov wants to mandate that EVERY car have a black box with the design dictated by . . Government.

    And what backdoor code will be hidden in them for later use?

    What if they have bluetooth/wireless capability? (they are talking about cars talking to each other so that means the Gov could either listen in or hi jack.)

    Anyone who’s read SCI FI has read a story about in the future the police being able to disable and/or take over a citizens means of transportation. You know; for everyone’s SAFETY.

    It’s coming folks.

    Soon they’ll input your name(or id code) and be able to bring your life to a (literally) screeching halt.

    Which would be okay if it wasn’t for the fact that good things can be used for bad results and who’s to say that 30 years from now the regime in DC will be as “benign” as it is now?

    Anyone who ignores this stuff deserves what they’re children live with.

    Jcw46 (6106c6)

  14. “It’s coming folks.”

    They’re also poisoning you with contrails.

    heyso (183dc4)

  15. askeptic, damn, I’ve been looking in the wrong place?

    SPQR (768505)

  16. Drive-by trolls are so cute.

    JD (2c92fa)

  17. I thought we solved the “contrail poisoning” problem when we cancelled the SST?

    askeptic (b8ab92)

  18. In the future all cars will be driverless, controlled by a central traffic computer. You just punch in your destination and turn on your Emo. (In a Larry Niven future, taking the car off the central traffic computer will be punishable by dissection in the organ lab.)

    nk (875f57)

  19. So will there still be driver’s seats? Will we be seeing a lot of labrador retrievers and german shepherds in the drivers seats? They’ll love that!

    elissa (861226)

  20. All spaces, up to and including the bedrooms and bathrooms in your homes, will be under 24-hour video and audio surveillance in order to prevent crime. There will be privacy booths allowed, at a luxury tax rate, at designated locations, but you will be screened in advance (kind of redundant really) and monitored coming and going.

    Start getting used to it.

    nk (875f57)

  21. In the Larry Niven future, there are drivers’ controls ergo drivers’ seats (but going on manual except in an emergency is punishable by death).

    nk (875f57)

  22. In the Mack Reynolds future there are no private automobiles but there are automated public cabs free to everyone.

    nk (875f57)

  23. They made the speedometer say that the car was going 199 mph but they could have made the engine go full throttle, but that would have been really dangerous even for a few seconds. Combined with the brake disable the Hasting wreck could be duplicated. It is fair to assume that the presidents cars are designed to make these effects impossible, but every ordinary car is vulnerable by design.

    dunce (15d7dc)

Powered by WordPress.

Page loaded in: 1.3550 secs.