A new type of attack - attacks on cars

Original author: Andy Greenberg


Before we move on to the article itself, let me tell you about one case.
A friend of mine bought a new BMW. He likes to drive, so he drove. When the odometer read 8000 km, the official dealer called and said that the brake pads were worn out and it was time to change them.

This is an article about how an American Forbes journalist and two security experts from Twitter and IOActive tested the Ford Escape and Toyota Prius (added as requested in the comments). It is written in the first person by the journalist, Andy Greenberg.

I hit the brakes, and the 3,500-pound (1 lb = 0.454 kg) Ford Escape refuses to stop, or even slow down, which causes a unique sense of anxiety. In this case, pressing the brake pedal produces a deep moaning sound, like the angry roar of a buffalo somewhere under the SUV's chassis. The harder I press the pedal, the louder the groan becomes, accompanied by the delighted cackling of the two hackers sitting behind me in the back seat.

Fortunately, all this happens at less than 5 miles per hour (1 mile = 1.609 km). As such, the Ford Escape is simply heading into a wall of 6-foot-tall weeds growing in the abandoned parking lot of a South Bend, Indiana mall, which Charlie Miller and Chris Valasek chose as the test site for this day's experiments, some of which are shown in the video above. (When Miller discovered the brake trick, he was not so lucky: his mother rushed through his garage, destroying his lawn mower and causing $150 of damage to the back wall.)

“Okay, now your brakes are working again,” Miller says, tapping the keys of a shabby MacBook connected by cable to an inconspicuous data port near the parking brake. I pull completely out of the weeds and carefully stop the car. “When you lose faith that the car will do what you tell it to do,” he adds after we jump out of the SUV, “it really changes your perspective on how the car works.”

That a car is not just a machine made of glass and steel but a hackable network of computers is what Miller and Valasek spent the last year trying to demonstrate. Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle-based consultancy IOActive, received a grant of more than $80,000 last fall from the Pentagon's mad-scientist research arm, known as the Defense Advanced Research Projects Agency, to root out security weaknesses in cars.



The duo plans to release their findings and the attack software they developed at the Defcon hacker conference in Las Vegas. They say it is better to help other researchers find and fix the automotive industry's security problems before hackers get “under the hoods” of unsuspecting drivers. The need to address this issue grows as cars become more automated and connected to the Internet, and the problem goes beyond Toyota and Ford. Almost every American automaker offers a cellular or Wi-Fi service, such as General Motors' OnStar, Toyota's Safety Connect and Ford's SYNC. The GSMA Mobile Business and Commerce Group estimates revenue from wireless auto devices at $2.5 billion today and projects that this number will increase tenfold by 2025.

Over an hour of driving their cars, Miller and Valasek showed that they had figured out enough about the workings of the Escape and the Toyota Prius (both 2010 models) to reveal a number of unpleasant surprises, from an uncontrolled pedal to unexpected braking of the Prius at high speed. They sent commands from their laptops that turned off the power steering and faked GPS, speedometer and odometer readings. Finally, they sent me out onto a country road, where Valasek showed that he could violently jerk the Prius' steering at any speed, threatening to send us into a cornfield or a head-on collision. “Imagine you're driving 80 miles per hour,” says Valasek, “and you are heading for a car next to you or an oncoming lane. This is a setup.”

A Ford spokesman says the company takes hackers “very seriously,” but Toyota, for its part, is unimpressed by the tricks of Miller and Valasek. “We are focusing, like the entire automotive industry, on preventing hacking by remote wireless devices,” its representative writes in an email. According to him, Toyota engineers also test their cars against wireless attacks: “We believe our systems are reliable and safe.”

But the work of Miller and Valasek assumed physical access to the cars' computers for the following reason: getting wireless access to a car's network is nothing new. A team of researchers from the University of Washington and the University of California, San Diego, experimenting on a sedan from an unnamed company in 2010, found that they could wirelessly penetrate the same mission-critical systems that Miller and Valasek targeted, via OnStar, cellular connections, Bluetooth bugs, Android applications that synchronize with the car's network from the driver's smartphone, or even a malicious file on an audio CD in the car's stereo system. “Scientists have shown that you can get the ability to remotely execute code,” says Valasek, using hacker jargon, “to start executing commands on the system.” We showed


One of the UCSD (University of California, San Diego) professors who took part in these tests, Stefan Savage, claims that wireless hacks remain possible and affect the entire industry: “Given that attacks on car systems have not yet been noticed outside the laboratory, manufacturers simply did not fully provide themselves with software,” he says. “The difficulties we found existed on PCs in the early to mid-1990s.”

As cars get closer to Google's dream of robotic cars, more of their functions become potentially vulnerable to attack. Miller and Valasek used the self-parking functions of the Toyota and the Ford, for example, to take over the steering. A car such as the 2014 Mercedes-Benz S-Class, which can monitor traffic in a traffic jam (stop-and-go system) or follow the car in reverse without driver intervention, can give a hacker even more opportunities to attack, says Gartner Group analyst Thilo Koslowski.

At the same time, Miller and Valasek argue that the best way to convince car companies to secure their cars is to show what could happen with a multi-ton rocket on wheels. It is better to have a digital SUV hijacked now than later, when attackers take control of it. “If the only thing that keeps you from crashing your car is that no one is talking about it,” Miller says, “then you are at risk anyway.”
