Cutting the Brakes with a Click
The Toyota Prius is one of the most high-tech cars on the consumer market. So many of its processes are linked up to the car's onboard computer that you almost don't even have to put your hands on the steering wheel to drive the car.
In fact, for hackers like Chris Valasek and Charlie Miller, all you need is a Macbook, a USB cable and a little creative thinking.
From the backseat of a Prius, these two security researchers have proven they can do everything from honk the horn to turn off the brakes just by tapping a few keys of their Mac laptops.
That's right: they can turn off the brakes. Even when someone is sitting in the front seat, hands on the steering wheel, furiously pressing down on the brake pedal — the car won't slow down. [See also: Why Internet Hacking Is Your Fault]
The two security researchers — Valasek works for IOActive and Miller for Twitter — have spent the last year looking for security vulnerabilities in computerized cars under a grant from the Pentagon's Defense Advanced Research Projects Agency.
At the annual DEF CON hacking conference held in Las Vegas, on Friday August 2, Miller and Valasek will go into more detail about their discoveries, and demonstrate just how much control they can get over a car. But from what they've already revealed in previews, it's quite a lot.
Aside from turning off the brakes, which is terrifying enough in and of itself, Miller and Valasek can turn off power steering, make the onboard GPS systems give wrong directions, change the numbers on the speedometer and even make the car change direction.
Miller and Valasek's successful hacks drive home the fact that most modern cars are more computerized than we realize. With that computerization comes added convenience — as well as added risk.
Carhacking: A History
For example, the Prius is just one of several cars that now implements auto-parking features whereby the onboard computer navigates the car to an empty parking spot without the driver. That means the car's computer has access to the car's engine and brakes.
If you can tell your car what to do via a computer, it's a pretty good bet a hacker can do the same and possibly even more.
There is one caveat, however: From Valasek and Miller's research, It seems that a hacker would need to be plugged into the car directly via the mobile phone connector in order to gain this level of control.
That doesn't mean that wireless hacking isn't possible. In 2011, researchers from the University of California San Diego were able to hack into an unspecified sedan-type car via its onboard Bluetooth or cellular connection. They were even able to rig a music CD with malware and thereby gain access to the car's systems.
Using these connections, the UCSD researchers were able to infect the car's onboard systems with a type of malware that gave them access to the car's electronic control unit.
That same year, independent researchers from security consulting firm iSec Partners proved they were able to unlock a car and then start its engine just by sending a text message.
Now Miller and Valasek have taken the UCSD researchers' proof-of-concept a step further by cataloguing exactly what a malicious intruder could do to a car once a connection was established.