At the Black Hat conference in Las Vegas this week, security researchers will demonstrate their ability to hack into cars such as the Toyota Prius and Ford Escape, and mess around with vehicles’ internal electronic systems, including those related to braking and steering.
The researchers, Charlie Miller and Chris Valasek, received a grant totalling over $80,000 from the United States’ Defense Advanced Research Projects Agency (DARPA) to investigate the issue.
The funding, by the way, was definitely needed. When Miller, for instance, discovered how to disable the brakes on a moving vehicle he managed to crash his test car into his garage, crushing his lawnmower and causing damage to a wall.
A flavour of what can be expected by the researchers’ investigation into digital carjacking is available for all to see in this video made by Forbes reporter Andy Greenberg:
It certainly makes for one of the more impressive hacking demonstrations you’re likely to see for quite some time, and the accompanying article by Greenberg is well worth a read.
Cars these days are complicated, sophisticated devices with computer control systems at their heart more complicated than those which put a man on the moon.
Although the average driver shouldn’t currently be losing too much sleep about these security flaws, it is becoming clear that there are ways to mess with a vehicle’s electronic innards that could lead to danger.
Although the risk is currently very slight, car manufacturers need to be prepared to reach outside their traditional talent pool, and bring in system security engineers to help ensure that their cars know when they are being meddled with or sent bogus instructions.
Aside from the public safety angle, car manufacturers must realise that it would only take one or two malicious targeted attacks against a vehicle for a manufacturer to have a potentially devastating blow to their brand reputation.
After all, no-one wants to drive the same car as the one that got hacked, killing a foreign leader or terrorist.
We have to hope that security researchers act responsibly, and work with the car manufacturers to help them secure their systems rather than sell details of potential vulnerabilities to the highest bidder.
If researchers are concerned that manufacturers are taking too long to fix problems, then the best route is not to go public with how to hack a car, but instead apply pressure to the manufacturer by approaching the media and demonstrate to them the flaws that exist.
The high visibility of Forbes’s video hopefully will go some way to waking up the security teams behind the Ford and Toyota cars to the potential risk.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.