New research has shown that police cars can now be hacked. In a project sponsored by the US State of Virginia, Virginia State police worked with the University of Virginia, Mitre Corp, John Hopkins Applied Physics Lab, the Aerospace Corporation and many others to test state police vehicles and whether they could be compromised in the same way as a civilian vehicle, or an everyday computer can be.
The project was announced this May and now its fruits have finally come to bear. Unlike other projects of this nature, this one was focused entirely on stationary vehicles.
This experiment only focused on Virginia state police vehicles like the Impala and the 2013 Ford Taurus; the test-attackers found that they could mess with the gear box; open the boot and the doors; make the engine accelerate or even cut it off completely.
This is not explicitly a breach. To ‘hack' the vehicles in the way the experiment did, one would have had to have tampered with the vehicle beforehand. Mitre, who helped with the research planted bluetooth devices within the tested vehicles, rewired their electronic operations and from there, could hack into the vehicles via a smartphone app.
Brian Barrios, portfolio director of Mitre's National Cybersecurity FFRDC, told trade press, the car, “...doesn't have bluetooth or cellular” connectivity. He added that this was custom-software that Mitre wrote specifically for the attack and that it's not the kind “an average person” could successfully execute.
Counter measures were also developed in order to help combat this currently theoretical danger to state policemen. Another company working with the project, Kaprica security, developed a device to block this kind of remote hack and collect forensic data on the attack.
While this is the first known instance of hacking a police vehicle, hacking civilian cars has been an oft-seen subject in tech news headlines. Just last week, Craig Smith, a security consultant, exhibited a new tool he had created at this year's Derbycon. The tool, meant to be tested on car dealerships, batters a car's diagnostic systems with random information in order to find vulnerabilities in cars. Previous attempts to hack private vehicles have shown that hackers could potentially remotely control braking, indicators, locks, acceleration and even disengage the transmission.
But the revelation that police vehicles, too can be compromised, begs the question, who will protect the protectors? One can imagine the kind of destruction that a compromised police vehicle might wreak on an unsuspecting passenger, let alone the surrounding environment.
This experiment has, as far as the researchers know only been achieved in this test environment. Whether it can be achieved in the wild is yet to be seen, if at all.
Steve Launchbury, a vehicle crime project engineer at Thatcham, a UK-based automotive research centre, spoke to SCmagazineUK.com saying: “In the UK we have so far not seen any proven successful wireless hacking attempts and all examples so far involve physically connecting to the vehicle. The story from the US about hacking into a police car is part of an ‘ethical hacking' project which involved physical access to the vehicle.”
Launchbury added that: “Motorists should be reassured that in the UK we enjoy the highest vehicle security standards in the world and those who wish to protect themselves further have a number of additional aftermarket deterrents available to them, including mechanical devices and tracking systems, which can provide further peace of mind.”
The Police Federation and The National Police Chief's Council both declined to comment on whether a similar exploit might be found in UK police vehicles.