Computer geeks already knew it was possible to hack into a car’s computerized systems and potentially alter some electronic control functions.
However, new research to be presented next week shows the vulnerabilities are greater and the potential for mischief worse than believed, in a wake-up call for the automobile industry.
Chris Valasek, director of security intelligence for the security firm IOActive, and Charlie Miller, security engineer for Twitter, found these vulnerabilities in cars’ on-board computers, a mandatory feature on US vehicles since 1996.
They found that by accessing this device, which sits under the steering wheel, someone with a brief period of access, like a parking attendant, could hack the car and reprogram key safety features.
“We had full control of braking,” Valasek told reporters in a telephone interview. “We disengaged the brakes so if you were going slow and tried to press the brakes they wouldn’t work. We could turn the headlamps on and off, honk the horn. We had control of many aspects of the automobile.”
The pair, working with partial funding from the US government’s Defense Advanced Research Projects Agency, also manipulated a vehicle’s steering by hijacking the “park assist” feature.
“You would need a brief moment of physical access,” Valasek said. “You could reprogram and untether from the car and the system.”
While some earlier research focused on the potential to wirelessly gain control of some functions, Valasek said his project looked at overwriting the software code in the vehicles, with even more damaging consequences.
The research is to presented next week at Def Con, an annual US gathering of hackers and security experts in Las Vegas.
The research is not the first to show the potential for hacking into car computer systems, which are becoming more ubiquitous as more vehicles add services connecting to the Internet or cellular phone networks, and some firms like Google are using self-driving automobiles.
A 2010 study by researchers from the University of Washington and University of California at San Diego demonstrated how an attacker could infiltrate virtually any electronic control unit (ECU) of a car and “leverage this ability to completely circumvent a broad array of safety-critical systems.”
That study showed that the engine control devices initially designed for pollution reduction had been integrated into other aspects of a car’s functioning and diagnostics.
And the US Department of Homeland Security issued an advisory in May warning of flaws in the wireless Bluetooth systems in some cars which could be exploited by an outsider to take control of some car functions.
Valasek said most cars have a number of computers and “they all trust each other. As long as they are receiving information, they don’t care who is sending it.”
This highlights the need for more attention to cybersecurity in vehicle design, he said.
“We want an intelligent discussion on this,” Valasek said. “We hope people enjoy the presentation and take our tools and data and try to reproduce them and do their own research.”
“Although there is research on automobile security no one is releasing the data,” he said.
Valasek said there have been no real-life exploits of automobile hacking, but added that “we just don’t know what could be done with this.”
He said it is more complicated than hacking into a personal computer but that his latest research shows that “with a minimal number of people you can have results where you can control the car, and do things that are detrimental to safety.”
To many, Tatu City on the outskirts of Nairobi looks like a success. The first city entirely built by a private company to be operational in east Africa, with about 25,000 people living and working there, it accounts for about two-thirds of all foreign investment in Kenya. Its low-tax status has attracted more than 100 businesses including Heineken, coffee brand Dormans, and the biggest call-center and cold-chain transport firms in the region. However, to some local politicians, Tatu City has looked more like a target for extortion. A parade of governors have demanded land worth millions of dollars in exchange
Hong Kong authorities ramped up sales of the local dollar as the greenback’s slide threatened the foreign-exchange peg. The Hong Kong Monetary Authority (HKMA) sold a record HK$60.5 billion (US$7.8 billion) of the city’s currency, according to an alert sent on its Bloomberg page yesterday in Asia, after it tested the upper end of its trading band. That added to the HK$56.1 billion of sales versus the greenback since Friday. The rapid intervention signals efforts from the city’s authorities to limit the local currency’s moves within its HK$7.75 to HK$7.85 per US dollar trading band. Heavy sales of the local dollar by
Taiwan Semiconductor Manufacturing Co’s (TSMC, 台積電) revenue jumped 48 percent last month, underscoring how electronics firms scrambled to acquire essential components before global tariffs took effect. The main chipmaker for Apple Inc and Nvidia Corp reported monthly sales of NT$349.6 billion (US$11.6 billion). That compares with the average analysts’ estimate for a 38 percent rise in second-quarter revenue. US President Donald Trump’s trade war is prompting economists to retool GDP forecasts worldwide, casting doubt over the outlook for everything from iPhone demand to computing and datacenter construction. However, TSMC — a barometer for global tech spending given its central role in the
The Financial Supervisory Commission (FSC) yesterday met with some of the nation’s largest insurance companies as a skyrocketing New Taiwan dollar piles pressure on their hundreds of billions of dollars in US bond investments. The commission has asked some life insurance firms, among the biggest Asian holders of US debt, to discuss how the rapidly strengthening NT dollar has impacted their operations, people familiar with the matter said. The meeting took place as the NT dollar jumped as much as 5 percent yesterday, its biggest intraday gain in more than three decades. The local currency surged as exporters rushed to
RSS