As I drove to the top of the parking lot ramp, the car's engine suddenly shut off, and I started to roll backward. I expected this to happen, but it still left me wide-eyed.
I felt as though someone had just performed a magic trick on me. What ought to have triggered panic actually elicited a dumbfounded surprise in me. However, as the car slowly began to roll back down the ramp, surprise turned to alarm as the task of steering backwards without power brakes finally sank in.
This wasn't some glitch triggered by a defective ignition switch, but rather an orchestrated attack performed wirelessly, from the other side of the parking lot, by a security researcher.
In this episode of "Phreaked Out," we met some of the top security researchers at the center of the car hacking world. The goal isn't to make people crash: they expose security holes in order to highlight flaws in car technology, with the intent of pressuring auto manufacturers to stay a few steps ahead of their friendly foes.
Information security researcher Mathew Solnik gave us a first-hand demonstration on how to wirelessly send commands to the car and remotely tell it what to do. With a little over a grand and about a month of work, Solnik found time outside of his full-time job to reverse-engineer a car's computer system to make it ready for a takeover.
From his laptop, he was able to manipulate the car's engine, brakes and security systems by wirelessly tapping into the Controller Area Network, or CAN bus. Without getting too deep into the details—both for legal reasons and due to my own training-wheel knowledge of such things—he was able to do so by using some off-the-shelf chips, a third-party telematic control unit, a GSM-powered wireless transmitter/receiver setup, and a significant amount of know-how he's accrued over the years.
The reason for such additional hardware was to make our older, mid-sized sedan function like a newer—and arguably more vulnerable—stock vehicle, which these days often comes with data connections. (We would have loved to tinker with the latest, most connected car on the market, but since we were on a shoestring budget and it's incredibly hard to find a friend who's willing to lend their car for a hacking experiment, our pickings were slim.)
With that said, a car whose network system is connected to a cloud server and accessible by Bluetooth, cell networks, or Wi-Fi is potentially vulnerable to intrusion.
We also met with Alberto Garcia Illera, one half of the Spanish security duo (the other half being Javier Vazquez Vidal) responsible for the creation of the CHT device: a car-hacking tool as small as an iPhone and more affordable than a week's worth of iced coffees. By connecting two wires to the CAN bus network and spending a mere five minutes of access time with the car, the CHT device is capable of injecting packets of (mis)information into a car's nervous system at an arbitrary distance.
By communicating via Bluetooth and GSM, Alberto's device is capable of remotely unleashing a wide gamut of car-altering commands: everything from changing the song on the stereo, to activating the hand brake while cruising on a highway, to disabling a car's headlights during a midnight joyride.
Fear not, because the objective of these security researchers is simple: to point out that today's automakers are creating security systems that are not quite cutting it. It may seem a bit cheeky, but by airing the dirty linen of car manufacturers' leaky technology, white hat hackers like Solnik and Illera are urging the industry to correct the laxity in its security systems. Consider it a form of life-saving retribution designed to safeguard all drivers on the road.
And automakers are listening: Mathew and Alberto are both currently consulting for multiple automotive manufacturers in order to ensure that vehicles become less vulnerable to potential future attacks.