Friday, 14 May 2010

Auto hacking: Has your car been pwned?

Car makers love to tell us how much advanced technology is in their latest models.What they're not so keen on is telling anyone how easy it is for the many electronic systems to be hacked. We're used to onbaord diagnostic systems telling us exactly what our car is is doing, but what if it was feeding us duff information?

This newly-published research paper analyses the electronic security of modern cars, and makes for very scary reading. It shows how the researchers quite easily managed to hack a car, allowing them to operate (or disable) the brakes remotely while the car is in motion, fake the speedometer readouts (pic below), and much more - it's almost enough to make you consider going back the automotive dark ages and buying a Moggie 1000.

Update: The Register has covered this story too, but with an update highlighting a reader's comment basically saying that it's a non-story (many of the comments take this view, too). To my mind this misses the main point of the research - which is not just that it's trivial to hack into the control systems. What the researchers found were severely flawed implementations of several basic security safeguards, failsafe mechanisms and standards breaches; according to all the standards, you are not supposed to be able to re-flash the engine's ECU while the car is doing 40mph. And according to standards, signals on the low-speed bus (used for non-critical signalling such as door lights) are not supposed to be used to control components working on the high-speed, yet in the test cars, the third-party telematics systems did exactly that.

(thanks to @mikkohypponen of F-Secure for the tip)

No comments:

Post a Comment