Yes, Your Car Is Hackable !!!!!

On a Sunday morning in "2016", I got a call from my friend Peter informing that his car has been stolen. He parked his car near to a shopping mall and was shocked to see that it was not there when he came back. Immediately I took my car and reached the place where he was standing. He was totally shattered. I didn’t have words to make console him. Immediately we went to the nearby police station and registered a compliant. They immediately passed the information to all the other police stations in that area and the toll booths. We were waiting in the police station and in ten minutes we got a call, informing the area where the car was. Immediately, we took our vehicle and rushed towards that area. We saw our car at a sight distance. The moment the thieves saw the police cab, they drove the car quickly. We followed them and it was like a chase that we normally see in movies. After 5 kilometres in the highway we were not able to overtake them and I realized that we won’t be able to do anything much and I should do something out of the box.

Thanks to the last year Blackhat conference video, where Charlie Miller and Chris Valasek, two researchers/hackers explained about the vulnerabilities in car digital systems. I took my laptop, connected to the car remotely through wireless and using special software controlled the accelerator of the car. I then killed the engine. The cops were shocked and looked at me astonishingly, thinking whether I could be a magician or not. Haaha!!! Anyway we were able to get hold of those thieves and most importantly my friend got his car back. If this would have been a real incident, then for sure it will result in legal battles for using an illegal software even though it is for a good cause.

This is no more a joke. This was proven by Charlie Miller and Chris Valasek before. Yes, people like me won’t believe this when they hear it for the first time. Andy Greenberg (Senior writer, Wired magazine) was also like me. He wanted to get this tested and decided to drive the compromised vehicle.

Two years back, the same Andy Greenberg drove a vehicle along with Charlie Miller and Chris Valasek sitting in the backseat with their laptops.  Once he started driving, they disabled the brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel. They demonstrated that they could jerk the wheels or kill the brakes of the vehicle using laptops wired to the cars' computer systems.

This time, their research went to the advanced level and proved that, they didn't have to be in the vehicle or anywhere near it to wreak havoc on the controls. From miles away, sitting at home, they were able to use a cellular connection to access the vehicle.

Andy Greenberg explains this with a live video taken during this crash test. He added that, there were no devices attached to the vehicle, but they remotely hacked over the internet through a cellular connection to its entertainment system. They would be able to take over the steering, transmission and even its brakes. When Andy Greenberg started his driving , we could see Charlie Miller sitting miles away, warns over the phone “no matter what happens, don’t panic". Yes, in the video, Andy looks relaxed. Remotely, they started their activities by switching on the fan, followed by a picture of Charlie and Chris in the digital dashboard. Then they played songs in the audio system in full volume. Andy was not able to reduce or turn it off. Then they turned on windshield wipers and Andy was not able to see the road. In the end they killed the engine, making Andy uncomfortable. From the cool Andy, we could see a panicking Andy towards the end of the crash test. But again kudos to Andy for the bravery shown to participate in this sort of a test.

I am not writing specifically about the car manufacturer or software system as it is not relevant for me. This Internet-connected computer feature in hundreds of thousands of cars, SUVs and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. Charlie Miller and Chris Valasek will explain more about the vulnerable content in those systems in this year’s black hat conference.

I am so happy that Charlie Miller and Chris Valasek worked with the related automobile manufacturer and shared the research with them, enabling them to release the patch ahead of the black hat conference where both of them shall present this research to everyone.

I have written the good side of this finding futuristically in the first paragraph. But think about this in a different way. In case, if the terrorists or the bad guys are able to utilize this sort of feature, then that’s it. This is about cars and jeeps now, think about airlines.

Are our car makers hiring independent security firms to test their vehicles digital security? What all are the security measures they have taken?  It is not all about adding new features like internet enablement to attract customers; it has to be about securing them from digital attacks.Most automakers offer infotainment systems that leverage a driver's smartphone to connect to the Internet. The idea is to offer consumers easy access to their favourite apps and services while driving, but the feature in turn opens the digital doors to hackers seeking access to the automobile's controls. Here the government should have to chip in and implement the needful laws/policies or standards to ensure that the vehicle and its digital systems are security compliant.  

Thanks to Charlie Miller and Chris Valasek for their research and wishing this will turn as an eye opener for everyone.

Views by Aju Nair

Rate this article: 
Average: 2.1 (9 votes)
Article category: 

There are 2 Comments

Not sure how access to a car's infotainment system could in turn provide an hacker access to the controls of the car...Won't the car's ignition system be kept separate from electronics that controls the Audio/Video and Navigation devices on the dashboard?

Good question Nithin..The more details of the vulnerable component of this car digital system will be presented in next month BlackHat Conference..As per the reports,  attack pivots to an adjacent chip in the car’s head unit, the hardware for its entertainment system, silently rewriting the chip’s firmware to plant their code. That rewritten firmware is capable of sending commands through the car’s internal computer network, known as a CAN bus, to its physical components like the engine and wheels. Most of the companies, offer internet based digital system these days, that could potentially an open door for hackers. Another option is, most of us start to speak over bluetooth while driving the car, and our phones too are internet enabled. The hackers can reach our phone and from there, through Bluetooth finally digital system. Yes, what you have told about keeping ignition system separate from electronics is one way to challenge this hack, but In this digital world, the world of internet of things (IoT), this is something challenging for car manufacturers. Anyway we will wait for their presentation in this year Blackhat conference for more details.