Who’s Driving?

Car hacked

Its 2012 and you’ve just bought yourself the latest and sportiest version of a “whatevermobile” and you can’t wait to show it to your executive buddies and trophy girl friend.

It has the latest stability control and an LCD instrument cluster that is completely customizable.  There is the very latest GPS that makes last year’s version seem like a paper road atlas.  Roaming WiFi ensures that you can stay in touch with the ever present demands of your profession and provide you the ability to delegate anything but the most choice work assignments.

This car will ensure that you don’t fall asleep, tailgate, hit a pedestrian, or miss a turn, even at night in the rain.  No matter how aggressively you apply power it will always get you around the most difficult corner and still keep the cabin stable on the chassis.  It is a dream come true for you.

At least until today.  At least until now.  Something has dramatically changed. It is as if the car has a mind of its own.  You are just trying to figure things out when all the door locks cycle through and lock themselves.  Then your instrument panel lights up with a message.  You’ve been car-jacked.  The car is being controlled – but not by you.  A jab on the brake pedal feels like it should but nothing happens.  The message on the dashboard tells you that you have a bomb on board and that you must transfer funds from your financial accounts via WiFi if you want it disarmed. 

There is nothing you can do but obey the demands.  Your accounts are wiped out and you are locked for eight hours in the car.  By the time the hackers have released you it is too late to apprehend or even trace them.

Does this sound like an implausible movie script?  Today’s cars have become far more sophisticated and complex than you can imagine.  Many of these “improvements” are mandated by government regulations and along with all this sophistication come vulnerability.

Back in 2007 the chief security engineer for Inverse Path Ltd. worked with the company’s hardware hacker to break in to an automotive satellite navigation system.  They used off the shelf equipment to transmit code number alerts over Radio Data System (RDS), a European standard used in North America that allows FM radio stations to provide traffic information and identify the radio station to the listener.  The RDS system isn’t encrypted nor is it authenticated. 

In November of 2009 researchers from the University of Washington and the University of California were able to hack into a moving car and change its speed and turn off its brakes using an application called CarShark.  The researcher driving the subject car described the unsettling feeling of having complete loss of control.  He got full resistance from the brake pedal, but nothing happened.  The setup allowed the hackers to remotely turn lights off and on selectively, operate windshield wipers, honk the horn, pop the trunk, rev the engine, disable specific cylinders, engage individual brakes, or completely shut down the vehicle while it was in motion.

This past March, Omar Ramos-Lopez, a twenty-year-old disgruntled former employee of Texas Auto Center in Austin remotely disabled over 100 cars owned by customers by cyber-jacking the Pay Technology black boxes that the dealer installed in its high-risk customer’s vehicles. 

A lot of amazing features exist in our cars and more are being piled on with every model change, just be aware that so far little or nothing has been done to secure those features from attackers.

This entry was posted in Automobiles, Car Stuff, Care and Feeding, Cars and tagged , . Bookmark the permalink.

11 Responses to Who’s Driving?

  1. Soazmatron says:

    Hahahhaah love it the picture scared me a little

  2. Rodney says:

    So whatever happen to keep both hands on the wheel? Great picture!

  3. Pingback: Xenatec Maybach 57 Coupe amazing - ABA News

  4. Jim says:

    You’re making me want to go out and buy a 1966 Ford or a 1972 Oldsmobile, anything with no microprocessors in it.

  5. Noel says:

    Does this just apply to cars with OnStar, or any car of recent vintage? Wouldn’t there’d have to be some kind of antenna on the car that’s connected to the ECU?

    I know it works with OnStar, and GM has even had ads talking about how it can be used to slow down or disable stolen vehicles.

  6. jimsgarage says:

    There are some other premium cars with setups similar to OnStar. More cars are going to be connected via WiFi and, as stated above there was a way in through the GPS that is not protected.
    There has been talk that the follow-on to OBD II have wireless built in so that cars whos emissions are suspect can be located or even turned off. Law enforcement hear about that and find the concept very attractive.

  7. Noel says:

    Buy a car with those flaws and features and it’s time to do some re-wiring and hacking.

    All the more reason to keep an older car longer!

  8. drsideways says:

    Fun and independence is rapidly descending to cross word puzzles with a non sharpened pencil.

    A 1947 Chevy Pickup is looking better all the time. Time to renew the Hemmings subscription…

  9. Mark says:

    BMW wants to integrate credit cards with car keys. Brilliant, another electronic gadget that nobody needs, but will become a potential back-door for hackers.

    And if that wasn’t enough:

  10. jimsgarage says:

    Great link there Mark – many thanks.


  11. Pingback: Who’s Driving – Revisited | JIM'S GARAGE

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s