Car hackers build anti-car-hacking gadget

Filed Under: Featured, Security threats, Uncategorized, Vulnerability

Cars. Image courtesy of Shutterstock.Car hackers have been busy over the past few years.

They've zombified cars in wired mode and even wirelessly, to show how you can screw with windows, toot horns, flip headlights on and off, unexpectedly slam on brakes, and take over electronic smart steering so as to steer cars straight into nearby weedlots.

The means of committing vehicular mischief can be dirt cheap.

There was the $30 hacking kit that could be used to steal BMW cars, for example, and then there was the $20, iPhone-sized gadget that renders cars brain-dead.

Then, in August 2013, researchers Charlie Miller and Chris Valasek showed Forbes reporter Andy Greenberg how a ride in a Toyota Prius could turn into the journey from hell.

All these car-hacking headlines sunk in to US lawmakers' noggins, resulting in the launch of a congressional investigation into security practices at major auto manufacturers.

In December 2013, US Senator Edward Markey sent a letter to leading car manufacturers asking them to explain how they secure their vehicles against cyber attacks.

The deadline for responses has come and gone, but Markey's office hasn't yet released its findings.

But the ride, mind you, isn't over yet, congressional investigation findings or no.

Miller and Valasek plan to give a talk at the upcoming Black Hat conference in August, during which they say they’ll be outlining new potential wireless attack points in automobiles.

But where there are skidmarks, there's also hope.

Beyond more white-knuckled stunts, the pair also plan to unveil a prototype device meant to foil the type of hacks they've been throwing at cars.

Miller, who's a security researcher at Twitter, says:

These attacks seemed serious enough that we should actually consider how to defend against them. ... We actually wanted to do something to help solve this problem.

They cooked up the anti-hacking device for about $150 in parts, Forbes's Greenberg reports: an mbed NXP micro controller and a simple board.

It plugs into a jack underneath a car or truck’s dashboard known as the OBD2 port.

After being powered on for a minute during routine driving, the device captures the vehicle's typical data patterns.

Switching it into detection mode will enable it to monitor for anomalies that depart from this typical behavior profile.

Greenberg gives the example of a command normally associated with the car being parked that instead shows up when the car's traveling at 80 mph on the freeway.

If the car diagnoses hijinx, it puts the car into what the researchers call "limp mode" - the network shuts down, and higher-level functions such as power steering and lane assist are disabled until the vehicle is restarted.

So far, Miller and Valasek's invention hasn't flagged any false positives and hasn't mistakenly shut down a car - owing, they said, to a car's digital communications being more predictable than those of most computer networks:

It’s just machines talking to machines. ... In the automotive world, the traffic is so normalized that it’s very obvious when something happens that’s not supposed to happen.

The pair don't plan to sell their anti-car-hacking gadget.

Rather, their aim is to demonstrate how easy it would be for automakers to protect vehicles from the attacks that they and others have already vividly demonstrated.

Hopefully, the carmakers will be willing to protect people by implementing a version of a $150 gadget built by security researchers.

If not, one hopes that congress members such as Senator Markey will have a lot more than questions to throw at them.

Image of cars courtesy of Shutterstock.

, , ,

You might like

3 Responses to Car hackers build anti-car-hacking gadget

  1. Wayne Andersen · 437 days ago

    Aren't similar cars with similar systems being sold all over the world? What is the rest of the world doing about this?

  2. MikeP_UK · 437 days ago

    ALL cars are now required to have OBD2 diagnostics connections, it's a multi-pin socket and not a simple 'jack' (they used to be used for old telephones and early electric guitars!) as it's the only means ot diagnosing some problems that are related to the electronics of the vehicle.
    What is really being discussed here is a means of examining the way the system software is communicating and looking for unexpected anomalies that may indicate an attempt to take external control of the vehicle.
    Modern cars are put into 'limp home mode' if the system detects untoward events that are known about but unwanted as they may cause damage to the vehicle.
    I've worked with these systems for many years as a training officer for some very well known manufacturers.

  3. Anonymous · 425 days ago

    Their solution does not work in a modern automobile. When they detect an anomaly they simply short the CAN bus to ground. Which for most cars will throw them into a "limp" mode, and cause potential harm to the driver.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.