Exploiting Automobiles

It has been apparent since automobile manufacturers began inserting computers into automobiles that security hasn’t been a high priority. After decades of warnings the automobile manufacturers may finally be forced to deal with their lack of foresight:

Charlie Miller and Chris Valasek say they will publish detailed blueprints of techniques for attacking critical systems in the Toyota Prius and Ford Escape in a 100-page white paper, following several months of research they conducted with a grant from the U.S. government.

The two “white hats” – hackers who try to uncover software vulnerabilities before criminals can exploit them – will also release the software they built for hacking the cars at the Def Con hacking convention in Las Vegas this week.

They said they devised ways to force a Toyota Prius to brake suddenly at 80 miles an hour, jerk its steering wheel, or accelerate the engine. They also say they can disable the brakes of a Ford Escape traveling at very slow speeds, so that the car keeps moving no matter how hard the driver presses the pedal.

One of the golden rules of security is that exploits only become more elaborate with time. It sounds like the exploits that will be demonstrated at Defcon will require physical access to the automobile but, in all likelihood, the ability to remotely execute these exploits will show up shortly after the paper is published. All modern automobiles have tire pressure sensors (all of which, as far as I know, are wireless) and many now have Bluetooth, both of which could be potential avenues for remote attacks. It will be interesting to see the ramifications of this research in a few years.