Researchers from the University of Washington and UC San Diego bought two identical 2009 passenger cars and managed to hack them, seizing control of the engines, brakes, heating and cooling systems, lights, instrument panels, radios, locks and other auto systems.
Although they would not reveal the make and model of the cars — the cars were chosen because they represent the direction of the entire auto industry, according to researcher Karl Koscher — a picture of one of the cars, included in a paper the group is presenting today at the IEEE Symposium on Security and Privacy in Oakland, is above.The cars sold for around $25,000 each, Kosher said.
Cars are becoming more and more like computers — they have software, wireless telematics and internal networks that connect a growing number of electronic devices and sensors, some of which were introduced 30 years ago to improve fuel efficiency after California passed its Clean Air Act.
Just this week, for instance, General Motors announced that the owners of Chevy Volts will soon be able to track the locations of their cars and send directions to their cars on Google Maps from Google Android phones. (Google is also hiring 300 people in Kirkland, Washington to clean up errors in the maps — a good move!)
The point of these experiments is to get people thinking about the security holes that are being introduced into cars before cars get networked together like PCs and are capable of being remotely controlled from unfriendly countries by international gangs of hackers.
Although these experiments are not easy to do (yet) — they require physical or wireless access to the car and some sophisticated tools — the researchers believe they are the first to look at cars as networked systems and to systematically exploit actual security holes instead of talking about holes in theory.
They say they’ve told the cars’ and components’ manufacturers about the problems they found and would like to see everybody who has a stake in safe, reliable cars to start talking — the government, public interest groups, insurance companies, the research community and so on. Another interesting finding — some of the car’s components behave differently in motion than they do at rest.
One reason I wanted to write about these experiments is that they’re not my first encounter with buggy cars. I wrote a story about the problem over seven years ago — I’d run across a couple of rogue BMW 325i’s (one owner was so frustrated he posted videos of his car on the Web) and a rogue dishwasher, all victims of software problems that were hard to diagnose.
Read the researchers’ paper if you want much more detail on what they did to the cars and how they did it. Their work was partially funded by the National Science Foundation and the Air Force.
Also, if you recognize the car in the picture, please leave us a comment!
