Last November, on a closed airport runway north of Seattle, Wash., a team of researchers from University of Washington and University of California–San Diego performed an ominous experiment on a late-model sedan. With a chase car driving on a parallel runway, they sped the test vehicle up to 40 mph, then turned off the brakes—via Wi-Fi. "Even though we knew what was going to happen, it's a very unsettling feeling to have a loss of control," says Alexei Czeskis, the researcher who was driving the test car. "You get full resistance from the brake pedal, but no matter how hard you press, nothing happens."
The test sedan was rigged up with a laptop hooked into its OBD II diagnostic port. On the computer was a custom-coded application, called CarShark, that analyzes and rewrites automobile software. That laptop was linked via a wireless connection to another laptop in the chase car. In addition to temporarily rendering the test car brakeless, the setup also allowed the research team to remotely turn off all the vehicle's lights (including the headlights and brake lights), turn on the windshield wipers, honk the horn, pop the trunk, rev the engine, disable specific cylinders, engage individual brakes and shut down the vehicle completely while it was in motion.
Although the make and model of the test sedan is easily identifiable from photos in the team's published report (pdf), the researchers chose not to identify the car because in their view, the experiment could have been done on any number of modern vehicles.
Reports like this can be easily sensationalized to seem like our cars have a potentially dangerous electronic vulnerability. But computer security pros have seen no evidence of sophisticated criminal networks of car hackers. Besides, most drivers would notice if a laptop was jacked into the underside of their dashboards. But the threat is not purely theoretical. In March, 20-year-old Omar Ramos-Lopez, a disgruntled former employee of Texas Auto Center in Austin, remotely disabled more than 100 customers' vehicles by hijacking the dealership's vehicle immobilization system. The controversial system is a product of Pay Technologies, which produces remotely addressable black boxes that dealers can install under the dashboards of drivers with high-risk loans. If a customer becomes delinquent on his car payments, the GPS-enabled boxes can provide the location of the vehicle, shut it down and honk the horn to make repossession easier.
Lopez's simple highjacking of the Pay Technologies system was hardly an involved electronic breach, but it highlights how much damage a dedicated attacker or disgruntled insider can do in a vehicle in which almost every mechanical system is computer-controlled. The threat of digital vehicle takeover seems to have come out of nowhere, but the technological shifts that have enabled it have been advancing in fits and starts for decades. Onboard vehicle computers date back to the late 1960s, and have evolved into sophisticated networks of electronic control units (ECUs) that are highly interconnected and often interdependent.
For years, aftermarket performance tuners have been reverse engineering ECUs to fine-tune fuel mixing, ignition and valve timing, among other variables. "It's not easy, for sure" says Mike Wesley, president of the tuning shop DiabloSport. "In a typical engine ECU there may be 5000 things we can change that effect how the engine performs." Tuners reprogram car computers to improve performance, but according to Wesley, any changes in code must be done carefully or unintended consequences can arise. "Powertrain controls are becoming very complex and interrelated," he says. "If you change certain things in the engine ECU, for example, this can have an effect on how the throttle body reacts. It may open unexpectedly."
So whether by accident or through malevolent intent, a few damaged data packets can have a disastrous effect. The potential for mayhem has recently been amplified thanks to the increase of embedded wireless systems in vehicles. The most widespread and established of these systems is OnStar, a subscription cellular service that interfaces with equipment pre-installed on most GM vehicles. OnStar has access to diagnostic information within the vehicle as well as many component control systems. OnStar advertises a service feature called Stolen Vehicle Assistance, which can, in cooperation with law enforcement, remotely locate a vehicle, then slow it to a stop. OnStar, however, is hardly the only system taking advantage of wireless technology. Ford's latest generation Sync system can turn its vehicles into rolling Wi-Fi hotspots, and both GM and Ford are encouraging third-party software developers to design apps that integrate the functionality of smartphone software (such as Pandora and Google Maps) with vehicle telematics systems such as OnStar and Sync.
According to OnStar representative Jim Kobus, the company has never had its service compromised, and there are multiple security protocols built into the OnStar system. The University of Washington and UCal San Diego researchers did not break through any embedded wireless systems, but according to team leader Professor Yoshi Kohno, compromising such a system isn't out of the realm of possibility.
Computer-security pros agree that there is little reason for drivers to worry today, since the chances of random hackers killing your brakes on the interstate are slim to none. Yet now is the time, they say, for the auto industry to start concentrating on cybersecurity. "We should learn from infamous examples in the general computer industry of what not to do," says Tiffany Rad, a lawyer, hacker and lead evangelist for the OpenOtto project, which aims to promote open-source code for automobile ECUs. "If cars are going to communicate with each other or be able to access the Internet, information-security professionals should be working with the mechanical and electrical engineers in designing the software and hardware for cars from the first line of code to the last."
