Hacking Automotive Systems

alphadogg writes "University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car. The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes, and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems. Other experts describe the real-world risk of any of the described attacks as low." Here is the researchers' site, and an image that could stand as a summary of the work.

Yeah...

[Pojut]

...no matter how insecure they are, until hackers find a way to wirelessly connect to my car that doesn't have a wireless connection, I'm not going to worry.

Now if you'll excuse me, I have to make sure some crazy ex-girlfriend doesn't have something stuffed in my OBDII port. "Your mom's OBDII port is stuffed!" Dammit! Almost made it without the mom joke...

Re:Yeah...

[gardyloo]

Almost made it without the mom joke...

      That's what she said.

Re:They were able to

[gardyloo]

Ah. Rush Limbaugh. That would be the parsimonious explanation.

Re:I'm not worried about those hacks

[BarryJacobsen]

We all know that once someone has physical access to your system it's theirs. But can they do this via OnStar or other remote access systems?

If they can, I'm rushing out to get OnStar - that'd be a lawsuit waiting to happen!

radio

[dxkelly]

I want to know how they made the radio blow hot air.

This just reaffirms...

[DarkKnightRadick]

...my decision to make my next vehicle a 1968 VW Beetle.

Re:radio

[andrewbaldwin]

I want to know how they made the radio blow hot air.

Simple!

Just tune it to the local talk radio channel covering politics/religion/sport**...

** select / delete according to your views

Ah, the Rootbacca defence

[Rogerborg]

Why did my client accelerate to 90mph? I put it to you, ladies and gentlemen of this supposed jury, that he did not. No, it was Evil Hackzorz, doubtless acting on the orders of the Saucer People, or perhaps the Mole Men. This is technically possible - for all you know - so you must have a reasonable doubt that my client was responsible.

Appearing in a celebrity traffic trial near you in 3... 2...

Re:So what?

[geekoid]

Fine, A tine explosive the sets after the vehicle hits 55 mph.

Adobe

[Anonymous Coward]

I demand to be able to run flash, its my creative right to install whatever software I want on a computer I OWN...!!!

Re:Sensationalism at it's finest.

[geekoid]

That was a long way to go to attempt to look like the cool kids at the auto show.

Re:So what?

[thijsh]

That's exactly how it's done, and coincidentally also the plot for the upcoming Hollywood movie "Hacking to Kill" where Steven Seagal jumps onto the moving out-of-control-VIP-car and rips the computer (with engine and all) out of the car with his teeth... It's the only way to be sure. :)

Re:Cccess to unlocked car = can damage it, duh

[DriedClexler]

An attacker would have to ... be able to physically mount some sort of computer on the victim's car

Yeah, and if I could physically mount your wife, I could inject her with all sorts of viruses, maybe even spawn a child process!

So, is "security hole" the next euphemism for vagina?

Re:So what?

[dkleinsc]

Because it makes this [theregister.co.uk] scenario much more likely?