The “Internet of automobiles” may hold promise, but it comes with risks, too.
by Dan Goodin
Just about everything these days ships with tiny embedded computers that are designed to make users’ lives easier. High-definition TVs, for instance, can run Skype and Pandora and connect directly to the Internet, while heating systems have networked interfaces that allow people to crank up the heat on their way home from work. But these newfangled features can often introduce opportunities for malicious hackers. Witness “Smart TVs” from Samsung or a popular brand of software for controlling heating systems in businesses.
Now, security researchers are turning their attention to the computers in cars, which typically contain as many as 50 distinct ECUs—short for electronic control units—that are all networked together.
Cars have relied on on-board computers for some three decades, but for most of that time, the circuits mostly managed low-level components. No more. Today, ECUs control or finely tune a wide array of critical functions, including steering, acceleration, braking, and dashboard displays. More importantly, as university researchers documented in papers published in 2010 and 2011, on-board components such as CD players, Bluetooth for hands-free calls, and “telematics” units for OnStar and similar road-side services make it possible for an attacker to remotely execute malicious code.
The research is still in its infancy, but its implications are unsettling. Trick a driver into loading the wrong CD or connecting the Bluetooth to the wrong handset, and it’s theoretically possible to install malicious code on one of the ECUs. Since the ECUs communicate with one another using little or no authentication, there’s no telling how far the hack could extend.
Later this week at the Defcon hacker conference, researchers plan to demonstrate an arsenal of attacks that can be performed on two popular automobiles: a Toyota Prius and a Ford Escape, both 2010 models. Starting with the premise that it’s possible to infect one or more of the ECUs remotely and cause them to send instructions to other nodes, Charlie Miller and Chris Valasek have developed a series of attacks that can carry out a range of scary scenarios. The researchers work for Twitter and security firm IOActive respectively.
Among the attacks: suddenly engaging the brakes of the Prius, yanking its steering wheel, or causing it to accelerate. On the Escape, they can disable the brakes when the SUV is driving slowly. With an $80,000 grant from the DARPA Cyber Fast Track program, they have documented the cars’ inner workings and included all the code needed to make the attacks work in the hopes of coming up with new ways to make vehicles that are more resistant to hacking.
“Currently, there is no easy way to write custom software to monitor and interact with the ECUs in modern automobiles,” a white paper documenting their work states. “The fact that a risk of attack exists but there is not a way for researchers to monitor or interact with the system is distressing. This paper is intended to provide a framework that will allow the construction of such tools for automotive systems and to demonstrate the use on two modern automobiles.”
The hacking duo reverse-engineered the vehicles’ CAN, or controller area networks, to isolate the code one ECU sends to another when requesting it take some sort of action, such as turning the steering wheel or disengaging the brakes. They discovered that the network has no mechanism for positively identifying the ECU sending a request or using an authentication passcode to ensure a message sent to a controller is coming from a trusted source. These omissions make it easy for them to monitor all messages sent over the network and to inject phony messages that masquerade as official requests from a trusted ECU.
“By examining the CAN on which the ECUs communicate, it is possible to send proprietary messages to the ECUs in order to cause them to take some action, or even completely reprogram the ECU,” the researchers wrote in their report. “ECUs are essentially embedded devices, networked together on the CAN bus. Each is powered and has a number of sensors and actuators attached to them.”
Using a computer connected to the cars’ On-Board Diagnostic System, Miller and Valasek were able to cause the vehicles to do some scary things. For instance, by tampering with the so-called Intelligent Park Assist System of the Prius, which helps drivers parallel park, they were able to jerk the wheel of the vehicle, even when it’s moving at high speeds. The feat takes only seconds to perform, but it involved a lot of work to initially develop, since it required requests made in precisely the right sequence from multiple ECUs. By replaying the request in the same order, they were able to control the steering even when the Prius wasn’t in reverse, as is usually required when invoking the park assist system. They developed similar techniques to control acceleration, braking, and other critical functions, as well as ways to change readings displayed by speedometers, odometers, and other dashboard features.
For a video demonstration of the hacks, see this segment from Monday’s The Today Show. In it, both Toyota and the Ford Motor company emphasize that the manipulations Miller and Valasek carry out require physical access to the car’s computer systems. That’s a fair point, but it’s also worth remembering the previous research showing that there are often more stealthy ways to commandeer a vehicle’s on-board computers. The aim behind this latest project wasn’t to develop new ways to take control but to show the range of things that are possible once that happens.
When combined with the previous research into hacking cars’ Bluetooth and other interfaces, the proof-of-concept exploits should serve as a wake-up call not only to automobile manufacturers, but to anyone designing other so-called Internet-of-things devices. If Apple, Microsoft, and the rest of the computing behemoths have to invest heavily to ensure their products are hack-resistant, so too will those embedding tiny computers into their once-mundane wares. A car, TV, or even your washing machine that interacts with Internet-connected services is only nifty until someone gets owned.
Via ARS Technica