Wednesday, July 22, 2015

New York Times Bits blog: Security Researchers Find a Way to Hack Cars

Security Researchers Find a Way to Hack Cars
By Nicole Perlroth July 21, 2015 2:32 pm

Some cars can now be hacked.

Over the last two years, two well-respected security researchers, Charlie Miller and Chris Valasek, have been hacking away at various cars, trying to find a way to control them remotely.

At the annual Black Hat and Def Con hacking conferences in Las Vegas in August, Mr. Miller and Mr. Valasek plan to demonstrate how, after two years of research, they have discovered a way to control hundreds of thousands of vehicles remotely. From the Internet, they were able to track cars down by their location, see how fast they were going, turn their blinkers and lights on and off, mess with their windshield wipers, radios, navigation and, in some cases, control their brakes and steering.

This is a pretty disturbing article. They used a security hole in the radio's firmware (which is used for cellular communication, navigation and probably other things) to hack into the radio. From there, they were able to access the other computers in the car.

I know that my car (a Honda Civic) is similarly connected. There are several computers in there, and they all seem to be coordinated by an iMID - Intelligent Multi-Information Display. This computer controls a screen that shows radio settings, fuel economy data, the odometer, and pops up alerts for scheduled maintenance and "check engine" warnings. For some model cars, it also has internet connectivity for music (e.g. Pandora), phone calls and text messages, along with BlueTooth and USB connectivity to your phone. Based on what I've been able to learn from various web sources, this computer connects to just about everything in the car. If someone can hack it, they can pretty much take over, maybe even do things to kill the driver (imagine what would happen if the airbag suddenly deployed while driving at highway speed around a turn.)

I'm very glad my car has no network connectivity of any kind. If someone wants to hack it, they're going to have to get physical access first. But will I even have that choice when it's time to buy my next car?

No comments: