Wirelessly hack your enemy's car for under £15

News by Steve Gold

Research pair to show off car computer hacking kit that costs less than US$ 20 (£12.25)

The commoditisation of hacking continues apace, with two researchers planning to reveal next month how they have built a wireless Electronic Control Unit (ECU) - using components costing under US$ 20 (£12.25) - that can hack into a car's computer network and systems.

The smartphone-sized unit, which researchers Alberto Garcia Illera and Javier Vazquez-Vidal will be showing off at next month's Black Hat Asia event in Singapore, requires physical access to the vehicle in order compromise the car's computer systems. After that, control of the car's computer systems - including steering and brakes - can be carried out wirelessly up to tens of metres away.

Illera is a Spanish pen tester while Vazquez-Vidal is a security consultant working, appropriately enough, for a company called Car-IT.

Both have revealed previous research at other security shows around the world, most notably Illera who gave a presentation entitled `How to Hack All the Transport Networks of a Country" at DEFCON 20 in 2012. Vazquez-Vidal's presentation at Black Hat USA last summer, meanwhile, was along similar lines and talked about an ECU tool for motor vehicles.

The two researchers have pooled their resources and will be revealing how their device bypasses the security of car ECUs - whether using the K-Line protocol (seen on ECUs until a few years ago) or the CAN (Control Area Network) bus system seen on most modern cars.

Plans call for the pair to discuss how the CAN bus is used to interface between the car's ECU and its transmission system, as well as controlling ancillary systems that control door locking mechanisms and AirCon plus seat systems.

Since CAN is a multi-master broadcast serial bus standard for connecting ECUs, each node on the network can exchange messages. The researchers will explain how each message consists of an ID plus signal data in a non-return-to-zero (NRZ) format and is sensed by all nodes.

Generating rogue messages on the car's network is how their device can compromise most features on the vehicle - including power steering and transmission, raising the spectre of causing a car to race to its top speed and disable the brakes, with predictable results, SCMagazineUK.com notes.

Vidal is quoted by Forbes as saying that the kit he and Javier have developed "can take five minutes or less to hook up and then walk away."

Commenting on the researcher's findings, Incoming Thought director and analyst Sarb Sembhi said the problem facing car manufacturers is that their systems consist of a great many components - many of which are supplied by third parties. As a result, he added that little thought is usually given to the security of the individual systems, let alone the car system as a whole.

"All devices are inherently hack-able, but as technology matures, there will be more and more research into the security of car-based systems," he said, adding that the arrival of in-car Android and Apple iOS-based systems also increases the risk that a programmer could hack into hardware controlled by the portable operating systems.

He says that the irony of this particular hack is that, unlike WiFi standards - which are constantly revised upwards to defend against security attacks - the components of a car are rarely upgraded.

"This is because the importance of the complete product is greater than that of the components, and vehicle manufacturers do not regard the security of components as part of their job," he said.

"Computer-based systems in cars are getting increasingly complex. My observations are that they are at a level of complexity that is similar to the technology seen in planes some 15 years ago. And the complexity is only going to increase," he warned.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews