Your car in the near future can easily be hacked by hackers
“If you use a computer, you can be hacked” is a well-known axiom. In the world of computers, there is practically nothing that could not be hacked, and if attackers can penetrate a fairly sophisticated desktop computer, what will prevent a decisive hacker from getting into the on-board computer of your car?
Tadayoshi Kohno from the University of Washington, Seattle, and Stefan Savage from the University of San Diego, California, were able to write software called CarShark and with it and two laptops penetrated remotely into the car computer, were able to turn off the engine, use brakes or disable them, display on the speedometer arbitrary values of speed and inscriptions.
Guys postedA pdf description of their work, and also answered some questions from journalists:
Q: Tell us more about the study. Did you have physical access to the car or can all this be done remotely?
Savage: In the document, we don’t dwell in detail on how to achieve the result, it is much more important to understand what the effect of someone entering the system of your car may be. We connected to the diagnostic port, it is standard for most cars and is located near the steering wheel.
Kohno: With this study, we wanted to draw attention to the evolution of cars, in the hope that automakers would be able to provide protection against such intrusion in the future.
Savage:Think of computers in the early 90s. They had many potential vulnerabilities, but it did not matter much, because the computer was at home and was not connected anywhere. When we started connecting them to the Internet, all of these potential vulnerabilities became real. Cars follow this path. There is a trend toward connecting cars to wireless networks, so it’s time to begin to strengthen the protection of the car’s internal systems before this becomes a real problem.
Q: Can you give an example when a car can be compromised?
Savage:It can be a car mechanic, or a jealous passion, who have the ability to temporarily access the car. Such a person will be able to connect to the system and upload malicious code there. Today it is more of a fantasy than a real threat, of course.
Note perev .: but in the near future this same mechanic will imperceptibly connect a special device to the diagnostic connector, which will be accessible via the Internet.
Kohno: Today, everyone is focused on botnets and web application security. We want to make sure that after 5-10 years, cars will not replenish this list.
Q: You wrote a tool called CarShark that implements a similar attack, right?
Kohno: The tool implements a lot of what we explored. It works on a computer connected to the OBD-II (On-Board Diagnostics II) connector and can receive / send data over the network.
Q: After all, someone can use this tool for bad purposes!
Savage: We will not publish it. We tried to maintain some balance in our study. We are not interested in raising a panic. Is the attack feasible? Yes. In the end, the software in your car is not fundamentally different from what is installed on your PC.
via cnet.com and popfi.com
In general, the guys did nothing unusual or in excess of the new, of course. But the topic they raised is quite relevant, in my opinion. What do you think, a resident of Habr?
upd: There have already been precedents: A hacker has blocked more than 100 machines via the Internet.
upd2: AndroidOS will be installed on the Chevrolet Volt .
Tadayoshi Kohno from the University of Washington, Seattle, and Stefan Savage from the University of San Diego, California, were able to write software called CarShark and with it and two laptops penetrated remotely into the car computer, were able to turn off the engine, use brakes or disable them, display on the speedometer arbitrary values of speed and inscriptions.
Guys postedA pdf description of their work, and also answered some questions from journalists:
Q: Tell us more about the study. Did you have physical access to the car or can all this be done remotely?
Savage: In the document, we don’t dwell in detail on how to achieve the result, it is much more important to understand what the effect of someone entering the system of your car may be. We connected to the diagnostic port, it is standard for most cars and is located near the steering wheel.
Kohno: With this study, we wanted to draw attention to the evolution of cars, in the hope that automakers would be able to provide protection against such intrusion in the future.
Savage:Think of computers in the early 90s. They had many potential vulnerabilities, but it did not matter much, because the computer was at home and was not connected anywhere. When we started connecting them to the Internet, all of these potential vulnerabilities became real. Cars follow this path. There is a trend toward connecting cars to wireless networks, so it’s time to begin to strengthen the protection of the car’s internal systems before this becomes a real problem.
Q: Can you give an example when a car can be compromised?
Savage:It can be a car mechanic, or a jealous passion, who have the ability to temporarily access the car. Such a person will be able to connect to the system and upload malicious code there. Today it is more of a fantasy than a real threat, of course.
Note perev .: but in the near future this same mechanic will imperceptibly connect a special device to the diagnostic connector, which will be accessible via the Internet.
Kohno: Today, everyone is focused on botnets and web application security. We want to make sure that after 5-10 years, cars will not replenish this list.
Q: You wrote a tool called CarShark that implements a similar attack, right?
Kohno: The tool implements a lot of what we explored. It works on a computer connected to the OBD-II (On-Board Diagnostics II) connector and can receive / send data over the network.
Q: After all, someone can use this tool for bad purposes!
Savage: We will not publish it. We tried to maintain some balance in our study. We are not interested in raising a panic. Is the attack feasible? Yes. In the end, the software in your car is not fundamentally different from what is installed on your PC.
via cnet.com and popfi.com
In general, the guys did nothing unusual or in excess of the new, of course. But the topic they raised is quite relevant, in my opinion. What do you think, a resident of Habr?
upd: There have already been precedents: A hacker has blocked more than 100 machines via the Internet.
upd2: AndroidOS will be installed on the Chevrolet Volt .