If someone hacks your computer he can cause you a lot of headaches. But he generally can’t kill you. But getting your car hacked is another story. Andy Greenberg reports on new research that shows that two recent car models are vulnerable to hacks that could interfere with a car’s steering, dashboard, and even its brakes.
Researchers Charlie Miller and Chris Valasek demonstrated the attacks while Greenberg, a reporter for Forbes, was behind the wheel. In one attack, they activated the car’s self-parking feature while the car was driving down the road, causing the steering wheel to jerk from side to side. Because Greenberg was on an empty country road, no real damage was done. But if they pulled the same stunt on a crowded freeway it could have easily triggered an accident.
In another demonstration, they disabled the brakes while Greenberg’s vehicle was in motion. Thankfully, the vehicle was traveling slowly in an empty parking lot, but again the attack could have deadly consequences at higher speeds.
These attacks work because a modern car is essentially a computer network on wheels. With a grant from DARPA, the government agency that brought you the Internet and self-driving cars, the researchers tore apart a Ford Escape and a Toyota Prius and examined the dozens of embedded computers that control the vehicles’ systems. After tapping into the vehicles’ internal networks, they figured out how to manipulate the cars’ systems to cause mischief. Some of their findings will be detailed at next month’s Defcon conference.
Miller and Valasek executed their attacks while sitting in the backseat. If they could only be performed with physical access to the vehicle, they wouldn’t be too scary. But Greenberg points out that other researchers have previously demonstrated that some cars have onboard wireless capabilities that can be compromised remotely. Combining those two results, there’s a very real danger that in the future, cars will be vulnerable to deadly attacks by hackers thousands of miles away.
And these concerns will only grow more acute as we delegate more and more driving tasks to computers. A growing number of cars have self-parking features and advanced cruise control that give computers the ability to manipulate the steering wheel, gas pedal, and brakes. And Google co-founder Sergey Brin has predicted that fully self-driving cars will be on the market within five years.
In an interview with Greenberg, Toyota argued that consumers shouldn’t be alarmed by Miller and Valasek’s results because the company has designed its cars’ wireless capabilities to be impervious to hackers. Toyota reasons that even if its car’s internal components are vulnerable, no one would be able to exploit them unless they first sneaked into the backseat.
But security research is notoriously difficult; the fact that Toyota’s engineers haven’t found any security vulnerabilities doesn’t mean there aren’t any. And so it’s important to lock down cars’ internal systems as a fallback in case their wireless capabilities are compromised. More security research is needed to ensure that any vulnerabilities that exist in our cars are discovered by ethical researchers like Miller and Valasek, before they’re used by bad guys to cause mayhem.