Charlie Miller and Chris Valasek are two security experts that were funded by Defense Advanced Research Projects Agency (DARPA) to hack cars. The research was meant as a way to point out security flaws and present possible solutions for companies.
Car hacking, argues Miller and Valasek, is of immense importance due to the increased reliance on computer systems and electrical control units (ECU). Remote hacking of a car is a reality and the research indicates an individual can take over a car’s steering, braking system, display and acceleration. The release includes the white paper as well as the code and the tools used by Miller and Valasek.
The white paper, titled “Adventures in Automotive Networks and Control Units” discusses the various methods and hacks used to manipulate vehicles. Miller and Valsek hacked a 2010 Ford Escape and a 2010 Toyota Prius. As the researchers note, it was already proven remote hacking of car, via Bluetooth, is possible and the new research provides further insight on the vulnerabilities of certain vehicles. In the introduction, the researchers state, “This paper aims to expand on the ideas of what such an attacker could do to influence the behavior of the vehicle after that type of attack. In particular, we demonstrate how on two different vehicles that in some circumstances we are able to control the steering, braking, acceleration and display.”
In addition to pointing out the security flaws, the research does offer potential solutions to the vulnerabilities found by Miller and Valasek. The concern of car hacking is the loss of life that could occur if an individual takes over a vehicle. Comparing a vehicle to a computer, the researchers note the difficulty of ensuring the safety and security of the code used in a car’s ECUs. For computers, scripts can be written that detect such activity but a car is much more complex system.
Access to the vehicles was done using means available to anyone. Miller and Valasek connected a cable, which is readily available online or in stores, to a laptop to communicate with the On-Board Diagnostics Port, OBD II.
The researchers say in the paper, “In highly computerized automobiles, there is no easy way to write applications capable of monitoring or controlling the various embedded systems. Drivers and passengers are strictly at the mercy of the code running in their automobiles and, unlike when their web browser crashes or is compromised, the threat to their physical well-being is real.”
The researchers focus on the lack of security in the communication system, the Controller Area Network (CAN) bus standard, used by ECUs. There is no authentication system in place to determine which ECU sent a CAN packet to communicate with another ECU, although ECUs send encrypted messages to other ECUs. A hacker could send their own CAN packet to communicate or reprogram an ECU, altering the car’s behavior.
There are possible solutions to car hacking. The researchers point out the frequency of CAN packets could indicate a threat, increased CAN packet activity could be a trigger, while unusual CAN packets, such as a diagnostic packet outside of a repair shop, could be also be monitored for potential threats.
As shown in a video published by Forbes, which can be viewed below, Miller and Valasek were able to hack into a car and perform feats that would put a driver’s safety into question. The duo hopes with the release of the white paper more researchers will have a framework to work with to create new tools or expand on the research.