Researchers release tools and code used to control Ford and Toyota test cars

News by Dan Kaplan

Researchers who demonstrated how to compromise a car's internal network have made their work publicly available.

Researchers who demonstrated how to compromise a car's internal network have made their work publicly available.

Three days after their DefCon talk, Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive, have released a whitepaper (PDF) describing their research, as well as the data, tools and code used in their exploits.

“We hope that these items will help others get involved in automotive security research," Valasek wrote in a blog post.

“The paper is pretty refined but the tools are a snapshot of what we had.”

The pair tested on a 2010 Ford Escape and 2010 Toyota Prius and demonstrated how to control the steering wheel or the brakes. Both car manufacturers received the documents several weeks before DefCon.

“If the only thing that keeps our cars safe is that no one bothers to do this kind of research, then they're not really secure,” Miller told IDG News Service. “I think it's better to lay it all out, find the problems and start talking about them.”

Their talk, 'Adventures in automotive networks and control units', discussed findings involving controller area networks (CAN) and automobile firmware. CAN is a protocol that enables electronic systems in cars to speak to each other without the need for a centralised computer.

Toyota and Ford reportedly have responded to say they were more concerned with remote hacking and that Miller and Valasek's research required direct access to the automobile, something that would be visible to a real-life victim. 

Miller and Valasek responded that researchers a few years ago already accomplished remote infiltration. The purpose of their work was to learn how far one can go with direct access. In addition, they said that dashboard removal was not necessary.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike