Car Hijacking

Do you hijack a car by getting in and threatening the driver with a gun? No. You just hack into the on-board computer systems.

 
Hackers knew that you could hack remotely into the computer systems inside cars and modify certain characteristics. But, the scale and the range of hacks that is being showcased by a hacker duo is mind-boggling and should cause some concern in the auto industry.
 
Charlie Miller, 41, a security engineer at Twitter and Chris Valasek, 31, the director of Security Intelligence at IOActive are going to pesent their findings and attack software at Defcon in Las Vegas in August this year. They are showing us what can be done by someone who has physical access to a car for a short interval of time – think hacker who moonlights as parking attendant.
 
The picture alongside shows us the things that they can do – slamming on brakes at high speed is likely to be fatal if it ever happens.

 
On-board-diagnostics, as it is called by the US government, is a compulsory feature on cars in US since 1996. The original purpose of OBD according to the US government is “OBD monitors the performance of some of the engines’ major components, including individual emission controls. The system provides owners with an early warning of malfunctions by way of a dashboard “Check Engine” light (also known as a Malfunction Indicator Light or MIL, for short). By giving vehicle owners this early warning, OBD protects not only the environment but also consumers, identifying minor problems before they become major repair bills.” Toyota offers “Safety Connect” while GM has “OnStar” and Ford has “SYNC”.
 
The mobile industry trade group GMSA says that revenues from this sector currently stands at USD 2.5 Billion and is expected to touch USD 25 Billion by 2025. So, the presence of on-board computers and the kind of services they offer is bound to increase as auto makers try to give their customers an ‘on-demand’ service coupled with safety. Though the focus of the entire auto industry is preventing hackers from remotely hijacking cars, the above proof of concept by the hacking duo should nudge the auto industry into looking at insecurities that can crop up from physical access to on-board devices. That hackers could remotely penetrate into on-board-diagnostics has already been proved by a team from the University of Washington and the University of California in San Diego. That proof of concept took advantage of insecurities in a rogue android app that synced with the car’s network from the driver’s smartphone and some bluetooth bugs.
 
As driver involvement decreases, potential for attacks increases. More auto makers are coming up with precisely such features to attract customers. The auto industry needs to wake up to the potential for attacks in their cars and sufficiently test their systems.
 
Cars alone are not susceptible to such vulnerabilities – recently, GPS signal to a luxury yatch was hacked, another team of researchers were able to into airplane communications with just an android app. This is not to say that everybody can now do the same – but the possibility of such attacks are bound to increase in the near future.

Comments are closed.