FYI.

This story is over 5 years old.

Tech

How Security Researchers Are Hacking Cars to Save Lives

In this episode of "Phreaked Out," we met some of the top security researchers at the center of the car hacking world.

In this episode of "Phreaked Out," we met some of the top security researchers at the center of the car hacking world. The goal isn't to make people crash: They highlight security holes in order to highlight flaws in car technology, intended to pressure auto manufacturers to be a few steps ahead of their friendly foes.

Information security researcher Mathew Solnik gave us a first-hand demonstration on how to wirelessly send commands to the car and remotely tell it what to do. With a little over a grand and about a month of work, Solnik found time outside of his full-time job to reverse-engineer a car's computer system to make it ready for a takeover.

Advertisement

From his laptop, he was able to manipulate the car's engine, brakes and security systems by wirelessly tapping into the Controller Area Network, or CAN bus, network. Without getting too deep into the details—both for legal reasons and due to my own training-wheel knowledge of such things—he was able to do so by implementing some off-the-shelf chips, a third party telematic control unit, a GSM-powered wireless transmitter/receiver setup, and a significant amount of know-how he's accrued over the years.

The reason for such additional hardware was to make our older, mid-sized sedan function like a newer—and arguably more vulnerable—stock vehicle, which these days often come with data connections. (We would have loved to tinker with the latest, most connected car on the market, but since we were on a shoestring budget and it's incredibly hard to find a friend who's willing to lend their car for a hacking experiment, our pickings were slim.)

With that said, a car whose network system is connected to a cloud server and accessible by Bluetooth, cell networks, or wi-fi is potentially vulnerable to intrusion.

We also met with Alberto Garcia Illera, one half of the Spanish security duo responsible for the creation of CHT device: a car-hacking tool as small as an iPhone and more affordable than a week's worth of iced coffees. By connecting two wires to the CAN bus network and spending a mere five minutes of access time with the car, the CHT device is capable of injecting packets of (mis)information into a car's nervous system at an arbitrary distance.

By communicating via Bluetooth and GSM, Alberto's device is capable of remotely unleashing a wide gamut of car-altering commands from an arbitrary distance; everything from changing the song on the stereo, to activating the hand brake while cruising on a highway, to disabling a car's headlights during a midnight joyride.

Fear not, because the objective of these security researchers is simple: to point out that today's automakers are creating security systems that are not quite cutting it. It may seem a bit cheeky, but by airing the dirty linen of car manufacturers's leaky technology, white hat hackers like Solnik andIllera are urging the industry to correct the laxity in its security systems. Consider it a form of life-saving retribution designed to safeguard all drivers on the road.

And automakers are listening: Currently, Mathew and Alberto are both currently consulting for multiple automotive manufacturers in order to secure that vehicles become less vulnerable to potential future attacks.