US researchers from the universities of California and Washington will present a paper this week at a security conference in California that will likely set the automotive industry into a spin – provided it gets sufficient traction in the media.
It seems the modern car has become so computer controlled it’s vulnerable to cyber attack.
This story reads like what happens when Dorothy drives down the rabbit hole with Ethan Hunt and Rod Serling. In a demo of just what a malicious hacker can do to a modern car, held at a decommissioned airfield in Washington last year, researchers were able to remotely lock the car’s doors, kill the engine, change the speedo calibration so it no longer reported the correct speed, blast hot air into the cabin, and keep the stereo up on ‘11’ – all despite driver intervention.
That’s not all: they were able to prevent the brakes from operating, regardless of how hard the driver hit the brake pedal. And, equally nasty, they were able to command the brakes to apply – unevenly. These last two events read like deleted scenes from The Matrix, except they’re real.
In one demo ‘attack’ the researchers called “self destruct” they were able to launch a 60-second countdown visible on the dashboard and complete with second-by-second beeps on the audio system. In the final seconds, there are more strident warning beeps, then the engine just dies and the doors lock. Cue the Twilight Zone theme.
The self-destruct attack takes just 200 lines of computer code – most of which, say researchers, are used to keep time during the countdown.
Here’s how they do it.
All modern cars have a computer entry port so the dealers can hook up a bespoke diagnostic computer. This computer hooks into a system in the car called a Controller Area Network (CAN), which is just like, say, a home or office network integrating individual computer systems – only these ones control the engine and transmission, steering, brakes, central locking, etc.
The researchers wrote a program that they called CarShark, which was used to eavesdrop on the CAN traffic and develop its own data packets which it could then inject into the CAN.
Then they used a hacker technique called “fuzzing” in which they send a large volume of random packets of data into the car’s operating system to see what happens. (There’s already a name for that – trial and error – but ‘fuzzing’ sure sounds cooler.) After a while, it seems you can map out exactly how to do a range of really antisocial things – not unlike what a hacker can do you your unsecured wireless network at home, only with additional potential for mayhem provided by Newton’s Laws of Motion.
Associate Professor Stefan Savage from the University of California told Bloomberg in the USA that computer control was essential to many of the advanced systems in modern cars, but they could be very vulnerable to attack. “When you expose those same computers to attack,” he said, “you can have very surprising results, such as you put your foot down on the brake pedal and it doesn’t stop.”
Co-researcher Tadayoshi Kohno from the University of Washington told Bloomberg the pair was very surprised at how easy it was to breach the car’s systems. “We expected to spend significant effort reverse-engineering,” he said. “However, we found existing automotive systems – at least those we tested – to be tremendously fragile.”
The pair was even able to conduct unauthorised firmware upgrades (although in the case of malicious hacker interventions, we’re almost certainly talking downgrades here) to some systems.
After wiring a laptop with WiFi (or, presumably even just something with WiFi and an OS like an iPod Touch) into the car’s onboard diagnostic port, hackers can breach the car’s systems remotely from a laptop in a nearby car, using a standard WiFi connection.
Neither researcher would name the brand(s) of car(s) they hacked in conducting the project.
The point of this research? To show the automotive industry just how important IT security is – and perhaps how under-done it is today.
The modern car is incredibly dependent on massive volumes of software. To put this in perspective, the elite F-22 Raptor fighter jet runs on about 1.7 million lines of software code. The F-35 Joint Strike Fighter, scheduled to be operational later this year, needs about 5.7 million lines of code, and Boeing’s 787 Dreamliner will require about 6.5 million.
Professor Manfred Broy from the Munich Technical University told Discovery recently that, incredibly, a modern premium car contains about 100 million lines of software code, executing itself across a network of between 70 and 100 ECUs – electronic control units (think: computers).
In the same Discovery story, Daimler’s director of IT management, Alfred Katzenbach, said the radio and navigation systems in the current Mercedes-Benz S-Class contain a mind-bending amount of code in excess of 20 million lines, and the car itself contains almost as many ECUs as the Airbus A380.
Experts say the cost of software and electronics in a modern premium car can be as high as 40 per cent of the total cost. And IBM says around 50 per cent of warranty claims on modern cars relate to software and electronics glitches.
The elephant in the room here is, of course, Toyota. After massive recalls, one of the ‘fixes’ for future runaway throttle scenarios is merely software that allows the brakes to win if they compete with the engine. But that’s not the first big software issue for the Big T. In 2005 the company recalled 160,000 Prius cars thanks to a software glitch that caused the engine suddenly to shut down. Almost all car makers have had software glitches. Last year GM recalled almost 13,000 Cadillac CTSs when it was found that defective software was disabling the front passenger airbag when a passenger was present in the seat.
Makes you wonder how secure your car really is, doesn’t it?