The many computer systems found within modern day cars are vulnerable to attack, according to a team of researchers from the University of California-San Diego and the University of Washington. Amongst other things, the researchers were able to turn a car's instrument panel into a 60 second countdown clock, which honked the horn as it reached zero before turning the engine off and locking the doors.
Led by Professor Stefan Savage from the University of California-San Diego, and Tadayoshi Kohno from the University of Washington, the researchers goal was to find out just how difficult it would be to take control of a modern car. Concentrating on the ECUs (electronic control units), of which there can be up to 70 containing over 100MB of code between them, the team soon found out just how easy it was to manipulate a cars behaviour.
Connecting to the car via the communication ports built-in as standard - so mechanics can gather data for servicing - the attackers then used a program they created called CarShark, which allowed them to first monitor what information the various ECUs sent, before sending their own data so as to manipulate the vehicle and see how much could be controlled.
The team soon found that there was little that couldn't be controlled. As reported by the BBC, the researchers were able to disable the brakes completely, engage them while in motion, turn off the engine, lock the doors and more. Almost every system, from the engine right through to the air condition, was vulnerable to attack. It was found that even sending malformed packets of data could result in a response from the vehicle.
Fortunately, in order to successfully take control of a car a hacker would still need to gain physical access to the communication ports. However, with many everyday objects hooking up to the Internet there is definitely room for a future risk from this kind of attack.
Talking about the researchers findings, Rik Fergson, a security analyst at Trend Micro said that, "As cars, and everything else in life up to and including even pacemakers or fridges, become steadily more connected and externally accessible, research such as this should be taken increasingly seriously by manufacturers." He added, "This represents an opportunity to head off a problem before it starts, in the not-too-distant future it may represent a real risk to life."
The research team will be presenting their findings at the IEEE Symposium on Security and Privacy in California on May 19th.