Hacking Transportation Devices – 0wning Cars!

René Pfeiffer/ March 17, 2011/ Security, Stories

Last summer we published a short article about an experimental study of modern car sensor systems and their security. Researchers took a modern car, connected to the internal data bus and tried to do some hacking. They were able to manipulate on-board systems up to controlling the brakes and the engines. The study shows that once you have access to the (internal) network, you can do things that were most probably never anticipated by the designers. Arguably the risk of this kind of attack is rather low – for now. However, if you think about the Internet, software working in networked environments or the plethora of devices that can be connected to computers, then the number of attack vectors increases. This is not breaking news. You can see this trend in the wonderful world of mobile devices, web applications and computer desktops.

Security researchers at the University of California, San Diego, and the University of Washington have expanded their horizon by examining computer-enhanced automotive systems. They attacked the internal networks and the connections to the outside world such as USB ports, Bluetooth interfaces and cellular networks. Bluetooth devices have been under attack for some years now, but it’s the combination that makes things worse. The most extravagant threat they created was a digital music file they burned on CD and inserted in the car stereo system. The trojaned song alters the firmware of the sound system and gives access to the internals of the car’s operating system, to use this familiar term. Once you are in, you can continue looking for bugs and possibly exploit further subsystems. Stefan Savage, a professor at the University of California, points out that it is still easier to use the interfaces used by the repair shops, so we will not see hordes of exploited cars roaming the highway as moving herds of botnets yet. The potential is there though.

The threat level may rise faster than expected. Some modern cars can have a phone number and can be called since they are equipped with 2G/3G technology. This means they are accessible, and we’ve heard about the state of 2G/3G network security and baseband attacks. This also means that your car might be on the Internet. A few years ago there was talk about providing highways inside and outside cities with Wi-Fi access points. The realisation of Wi-Fi across the countryside has not happened, but it illustrates another possible attack vector. Failing that, the attacks so far have used the internal CAN bus, audio data, Bluetooth or other means. This is a warning. If you create interfaces, you need to implement appropriate security. The defence-in-depth strategy applies as well.



About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.