Researchers find car computers can be hacked

Computer scientists have found ways to hack the computers included in most modern cars, allowing them to take control with sometimes terrifying results.

In a paper prepared for a security conference in Oakland, California this week, researchers from the University of Washington and the University of California said they were able to remotely lock the brakes, the engine, and windows on a car.

They could also take control of the air conditioning, honk the horn and make the instrument panel display whatever they wanted it to.

Many hacks could be performed even when the car was travelling at 65kmh.

"We were able to release the brakes and actually prevent our driver from braking; no amount of pressure on the brake pedal was able to activate the brakes," the paper said.

"Even though we expected this effect, reversed it quickly and had a safety mechanism in place, it was still a frightening experience for our driver."

Modern vehicles make extensive use of computers to control systems like anti-lock braking and ignition timing.  Each system typically has its own dedicated computer controller, which is connected to a network which can accessed by mechanics via a socket under the dashboard.

It was recently estimated the typical luxury sedan now had between 50 and 70 independent computers communicating over one or more network buses.

The paper said tests were conducted by connecting a laptop to the network via the socket under the dashboard and controlling it wirelessly using a second laptop in a second car.

However, it said someone with even momentary physical access to a vehicle could insert a small component, as the researchers did with an  "attack iPod" 

That component could be left there permanently to act in the same way the laptop did in tests, or or it could be used for a short period to add malware to the car's system.

Researchers said they also found a way to make use of wireless communication systems now being used in cars.

Those systems allowed researchers to remotely compromise the computers in cars they tested, so they could monitor and control the target vehicles over the internet.

The paper said the hacks were performed using CarShark, a program written by the researchers. It will not be released to the public. 

Researchers have spoken to car companies about their results

The paper said the attacks were easier than expected, and researchers believed car makers had not considered the possibility a hacker might attack the computers in their cars.

In an interview with CNET one of the researchers, Tadayoshi Kohno, said he had no reason to believe people were exploiting the weaknesses found for anything other than research at present.

"One of our goals is to stay ahead of the bad guys before the threats really do manifest," he said.

The researchers tested their hacks on two 2009 pasenger cars, but they would not disclose what models were used, saying they believed the issues were related to the architecture of the modern automobile and not the design decisions of any particular car marker.

Add a Comment