Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV’s chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat.
Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day’s experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn’t so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.)
“Okay, now your brakes work again,” Miller says, tapping on a beat-up MacBook connected by a cable to an inconspicuous data port near the parking brake. I reverse out of the weeds and warily bring the car to a stop. “When you lose faith that a car will do what you tell it to do,” he adds after we jump out of the SUV, “it really changes your whole view of how the thing works.”
This fact, that a car is not a simple machine of glass and steel but a hackable network of computers, is what Miller and Valasek have spent the last year trying to demonstrate. Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles.
The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry’s security problems before malicious hackers get under the hoods of unsuspecting drivers. The need for scrutiny is growing as cars are increasingly automated and connected to the Internet, and the problem goes well beyond Toyota and Ford. Practically every American carmaker now offers a cellular service or Wi-Fi network like General Motors’ OnStar, Toyota’s Safety Connect and Ford’s SYNC. Mobile-industry trade group the GSMA estimates revenue from wireless devices in cars at $2.5 billion today and projects that number will grow tenfold by 2025. Without better security it’s all potentially vulnerable, and automakers are remaining mum or downplaying the issue.
As I drove their vehicles for more than an hour, Miller and Valasek showed that they’ve reverse-engineered enough of the software of the Escape and the Toyota Prius (both the 2010 model) to demonstrate a range of nasty surprises: everything from annoyances like uncontrollably blasting the horn to serious hazards like slamming on the Prius’ brakes at high speeds. They sent commands from their laptops that killed power steering, spoofed the GPS and made pathological liars out of speedometers and odometers. Finally they directed me out to a country road, where Valasek showed that he could violently jerk the Prius’ steering at any speed, threatening to send us into a cornfield or a head-on collision. “Imagine you’re driving down a highway at 80 ,” Valasek says. “You’re going into the car next to you or into oncoming traffic. That’s going to be bad times.”
A Ford spokesman says the company takes hackers “very seriously,” but Toyota, for its part, says it isn’t impressed by Miller and Valasek’s stunts: Real carhacking, the company’s safety manager John Hanson argues, wouldn’t require physically jacking into the target car. “Our focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle,” he writes in an e-mail, adding that Toyota engineers test its vehicles against wireless attacks. “We believe our systems are robust and secure.”
Anatomy of an auto hack: With just a laptop connected to its diagnostics port, Valasek and Miller turned an innocent Prius into the world’s worst amusement park ride. Here what they could do.(Click to enlarge)
But Miller and Valasek’s work assumed physical access to the cars’ computers for a reason: Gaining wireless access to a car’s network is old news. A team of researchers at the University of Washington and the University of California, San Diego, experimenting on a sedan from an unnamed company in 2010, found that they could wirelessly penetrate the same critical systems Miller and Valasek targeted using the car’s OnStar-like cellular connection, Bluetooth bugs, a rogue Android app that synched with the car’s network from the driver’s smartphone or even a malicious audio file on a CD in the car’s stereo system. “Academics have shown you can get remote code execution,” says Valasek, using hacker jargon for the ability to start running commands on a system. “We showed you can do a lot of crazy things once you’re inside.”
One of the UCSD professors involved in those earlier tests, Stefan Savage, claims that wireless hacks remain possible and affect the entire industry: Given that attacks on driving systems have yet to be spotted outside of a lab, manufacturers simply haven’t fully secured their software, he says. “The vulnerabilities that we found were the kind that existed on PCs in the early to mid-1990s, when computers were first getting on the Internet,” says Savage.
As cars approach Google’s dream of passenger-carrying robots, more of their capabilities also become potentially hackable. Miller and Valasek exploited Toyota’s and Ford’s self-parking functions, for instance, to hijack their vehicles’ steering. A car like the 2014 Mercedes Benz S-Class, which can negotiate stop-and-go traffic or follow a leader without input, may offer a hacker even more points of attack, says Gartner Group analyst Thilo Koslowski. “The less the driver is involved, the more potential for failure when bad people are tampering with it,” he says.
In the meantime, Miller and Valasek argue that the best way to pressure car companies to secure their products is to show exactly what can be done with a multi-ton missile on wheels. Better to experience the panic of a digitally hijacked SUV now than when a more malicious attacker is in control. “If the only thing keeping you from crashing your car is that no one is talking about this,” says Miller, “then you’re not safe anyway.
Do we really think any business is dedicating a lot of money and resources into system security? Marketing gets the biggest cut of the pie. Anyone who has worked in IT knows how low in the pecking order systems and hardware can be. That long wait to process your order or purchase is due to the bean counters denying an extra hundred bucks for larger capacity servers. It’s only a matter of time before these keyless, wireless lock and ignition systems get hacked by the pros. They already found a weak spot in the door locks and can open them with hard drive magnets. Much less conspicuous than the slim jim or pry bar.
“Bad people”? Oh you mean the government?
WOW….sooooo if THEY can do it, im pretty sure the gov already has THEIR lynch men on board as well (BEFORE the computer system was first created). lol, man this will be quite the seen when SHTF…cars being disabled, grocery stores (hell ALL stores) ransacked, martial law russian (XD) enforcers telling you where you can and cannot WALK to (due to your now disabled vehicle lol), you didn’t prep so you don’t even have a gallon of water left, inflated dollar (so that even if you could get to a store with actual products in it, you just may not be willing to pay $25 bucks for a BOTTLE of water o_0), electricity is on gridlock now so hopefully you have at least some candles and matches, cellular service is shut down, check points on every corner just in case you still have a vehicle (and gas) that is not computer literate lol, hopefully you weren’t dumb enough to have a registered gun cause it will go bye bye even BEFORE SHTF….o_o
what a scene of chaos this shall be…and boy, cinemax wont have ANYTHING on THAT!
My 1987 Ford F250 Turbo Diesel has no computers. ESD Proof / Hacker Proof.