Current Weather
The Spy FM

With Smarter Cars, The Doors Are Open To Hacking Dangers

Filed by KOSU News in Business.
July 30, 2013

Chris Valasek and Charlie Miller have been hacking into products for a long time. But they don’t steal stuff or mess with people; instead, their purpose is to pressure companies into making their products more secure.

This week, they scored big. Their research on hacking cars has captured the attention of millions and has been featured in Forbes and on the Today show.

Miller and Valasek are not the first guys to hack a car, but they demonstrated like few have before just how dangerous these kinds of attacks could be.

“That’s really where Charlie and I came in,” says Valasek, a security researcher at IOActive. “We really wanted to see, once someone was inside your car network, to what extent could you control the automobile?”

The pair got a grant from the Defense Advanced Projects Research Agency (DARPA) and bought two modern, connected cars: a Toyota Prius and a Ford Escape. Then they tapped into the network of little built-in computers that run on virtually every car sold today.

Car makers began embedding electronic control units, or ECUs, in cars more than 30 years ago. These simple little computers were developed during the first gas crisis. Initially, they were used as tiny computerized carburetors.

“Engineers figured out that computers were much better at figuring out how to mix gas and air than a mechanical device,” Valasek says. “They were much more efficient and you could get better gas mileage.”

But soon these little computers were being used for a lot of things, like cruise control or anti-lock breaks.

“Now we’re to the point where cars parallel park themselves,” Valasek says. “And that’s not just magic. There’s computers in the car that have sensors and actuators.”

Remote Control Havoc

All these little devices talk to each other on an open network. They listen in to every message that’s sent, and they don’t verify where a specific command is coming from. Miller says all of this makes cars easy to attack.

Any sensor attached to the processor on the network is vulnerable. So after Miller and Valasek learned the code that controlled the ECUs on the two cars they were testing, they were able to cause all kind of havoc.

They were able to jerk the wheel at high speeds in the Prius. They could cause the car to accelerate or break. The could beep the horn or set off the crash preparation system and jerk the seatbelts back.

In the Ford Escape, if the driver was moving slowly, they could turn the wheel or even kill the brake. In fact, once Miller forgot that the hack was running on his Ford Escape and he drove it into his garage.

“Luckily, these weren’t our cars,” Valasek says.

But Miller did crush his lawnmower.

“My lawnmower — it was destroyed, utterly,” Miller says. “The lawnmower was perhaps the first cyber-attack-in-a-car victim.”

Car Companies Not Worried

Miller and Valasek tried to share their findings with Toyota and Ford before they went public. Both companies say while they are taking the research seriously, they’re still convinced their cars are safe. They say if someone has to wire a computer into your car to get an attack to work, you are going to notice.

“I’ve actually been very disappointed with the reaction from these companies,” says Don Bailey, a security researcher who has hacked into cars remotely via the cell phone network.

Bailey says Miller and Valasek have proven that “once you are through that initial barrier, you can and will be able to do almost anything you want to.”

It’s unlikely, however, that malicious hackers will take advantage of these attacks any time soon. All cars don’t all use one operating system and they don’t all speak one single language. So before a hacker can take control, he or she has to learn the specific code that runs the systems for that specific car.

That’s tough, and it takes time. But Valasek says it’s not impossible.

By going public with their research, Valesek hopes car companies will be forced to fix these problem before anyone — aside from a lawnmower — gets hurt. [Copyright 2013 NPR]

Leave a Reply

2PM to 3PM The Dinner Party

The Dinner Party

Think NPR meets Vanity Fair. In each episode, hosts Rico Gagliano & Brendan Francis Newnam talk with some of the world's most interesting celebrities, and along the way equip you with bad jokes, fresh drink recipes, hot food finds, odd news stories... and etiquette tips from the likes of Henry Rollins and Dick Cavett. It's all you need to get an edge in your weekend conversations. Past guests include Michelle Williams, Judd Apatow, Kid Cudi and Sir Richard Branson. Wallpaper magazine calls The Dinner Party one of the Top 40 Reasons To Live In The USA.

Listen Live Now!

3PM to 4PM The Splendid Table

The Splendid Table

Hosted by award-winning Lynne Rossetto Kasper, The Splendid Table is a culinary, culture and lifestyle program that celebrates food and its ability to touch the lives and feed the souls of everyone.

View the program guide!

4PM to 5PM Weekend All Things Considered

Weekend All Things Considered

View the program guide!

Upcoming Events in your area (Submit your event today!)

Streaming audio and podcasts

Stream KOSU on your smartphone

Phone Streaming

SmartPhone listening options on this page are intended for many iPhones, Blackberries, etc. with low-cost software applications available to listen to our full-time web streams, both News on KOSU-1 and Classical on KOSU-2.

Learn more about our complete range of streaming services

We're perfecting the patient experience - Stillwater Medical Center