CybersecurityCars’ computers could be the next targets of cyberattacks
Computers, known as Electronic Control Units (ECUs), were first installed more than thirty years ago, during the first gas crisis, to serve as computerized carburetors. Eventually these computers were upgraded for innovations like cruise control and anti-lock brakes. In modern cars, ECUs “talk” to each other, and “listen” and respond to the messages they receive, over an open network, making them vulnerable to hacking, and potentially dangerous.
Chris Valasek and Charlie Miller have found that the computer systems in today’s newest cars are almost completely unprotected — and worse: once a hacker gains access to the systems, they can control almost every aspect of a vehicle.
NPR reports that Valasek and Miller are not the first to hack a vehicle, but they demonstrated how dangerous such attacks can be.
The pair began their research after receiving a grant from the Defense Advanced Research Projects Agency (DARPA). They used the money to buy a Toyota Prius and a Ford Escape, then accessed the network of built-in computers installed in almost every new car on the market today.
“That’s really where Charlie and I came in,” Valasek, a security researcher at IOActive, told NPR. “We really wanted to see, once someone was inside your car network, to what extent could you control the automobile?”
The computers, known as Electronic Control Units (ECUs), were first installed more than thirty years ago, during the first gas crisis, to serve as computerized carburetors. Eventually these computers were upgraded for innovations like cruise control and anti-lock brakes.
In modern cars, ECUs “talk” to each other, and “listen” and respond to the messages they receive, over an open network, making them vulnerable to hacking, and potentially dangerous.
Valasek and Miller discovered the code which controlled the ECUs of the two cars, and once inside the network, were able to control the cars in any way they wanted. In the Prius, they were able to jerk the wheel at high speeds and cause the car to accelerate or brake and even jerk the seatbelts back.
In the Escape, they could turn the wheel and even disable the brake. In fact, once Miller forgot that the hack was running on his Ford Escape and slammed it into his garage door.
The pair informed Toyota and Ford of what they discovered before going public with the news.
The two companies have said they take the issue seriously, some are not convinced.
“I’ve actually been very disappointed with the reaction from these companies,” Don Bailey, a security researcher who has hacked into cars remotely via the cell phone network, told NPR.
It is unlikely, for now, that a terrorist or a hacker would use this vulnerability to create havoc. Cars do not run on the same operating system or speak one single language. This means that before hackers can take control, they have to learn the specific code that runs the systems for that specific car.
