A NOTE OF caution to anyone who works on the security team of a major automobile manufacturer: Don’t plan your summer vacation just yet.
At the Black Hat and Defcon security conferences this August, security researchers Charlie Miller and Chris Valasek have announced they plan to wirelessly hack the digital network of a car or truck. That network, known as the CAN bus, is the connected system of computers that influences everything from the vehicle’s horn and seat belts to its steering and brakes. And their upcoming public demonstrations may be the most definitive proof yet of cars’ vulnerability to remote attacks, the result of more than two years of work since Miller and Valasek first received a DARPA grant to investigate cars’ security in 2013.
“We will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle,” the hackers write in an abstract of their talk that appeared on the Black Hat website last week. “Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle.”
Miller and Valasek won’t yet name the vehicle they’re testing, and declined WIRED’s request to comment further on their research so far ahead of their talk.
Academic researchers at the University of Washington and the University of California at San Diego demonstrated in 2011 that they could wirelessly control a car’s brakes and steering via remote attacks. They exploited the car’s cellular communications, its Wi-Fi network, and even its bluetooth connection to an Android phone. But those researchers only identified their test vehicle as an “unnamed sedan.”
Read more at WIRED