Remote Car hacking is reality, do not to underestimate it

A new alarm on car hacking issued by the security community, the white hat Jonathan Brossard warns cars can be hacked on the road remotely.

Car hacking is possible, I have proposed different works presented by security experts that demonstrate how to compromise modern vehicles with cheap environment. Modern cars have a huge quantity of components connected by an internal network that could be easily compromised knowing the communication protocol used by principal vendors.

“Modern cars contain upwards of 50 electronic control units (ECUs) that exchange data within an internal network. The safety of the automobiles relies on near real time communication between the different ECUs for predicting crashes, performing anti-lock braking, and much more.“

Recently Security researchers have demonstrated that car hacking is possible using wired systems or short-range wireless such as Bluetooth, but experts at Toucan Systems confirm that similar attacks can be conducted remotely from any place on the planet.

As reported by the Sydney Morning Herald, security expert Jonathan Brossard declared that he “does not know of a car that has been hacked on the road, but says his company does it for vehicle manufacturers in Europe.”

“The only way to verify that a car is not subject to cyber attack is to try to break it, fix it and try to break it again, he said.” ”The vehicle is remote from me. I am sitting at the desk and I am using the computer and driving your car from another country. I am saying it is possible.”A car is, technically speaking, very much like a cell phone and that makes it vulnerable to attack from the internet,” ”An attack is not unlikely.” he added.

The scenario is scaring, my mind immediately flies to the infinite possibilities of Intelligence agencies that could have already implanted in the control systems of million of cars any kind of device to advantage their remote control, it is already happening with routers and servers, why not for modern vehicle?

“At this year’s [Black Hat] conference in August he says attention will turn to an open back door allowing someone to take control of your computer remotely. He says it already infects 2 million computers worldwide, including Australian machines made by mainstream manufacturers.” reported the Sydney Morning Herald.

The majority of the attacks presented by the scientific community is operated through the Controlled Area Network, Electronic Control Units exchange operation data on one or more bus based on the Controlled Area Network standard. Popular security expert Charlie Miller and Chris Valasek demonstrated last year that it is possible to gain the control of a vehicle simply by connecting laptops to the dashboard.

A recent report published by CNN Money raises again the debate on the car hacking, the media describes the 50 to 100 computers controlling steering, acceleration and brakes in the typical automobile as “really dumb”

“there’s a danger to turning your car into a smartphone on wheels”. states the CNN.

As explained by Ed Adams, a researcher at Security Innovation, a company that tests the safety of automobiles, the principal problem in car hacking is the lack of security by design, the expert confirm that of proper security mechanism in the software which equip modern vehicles.

“Auto manufacturers are not up to speed,” “They’re just behind the times. Car software is not built to the same standards as, say, a bank application. Or software coming out of Microsoft.” said Ed Adams

Computer architecture in modern cars is not different from any other computer system, it is wirelessly connected to the Internet and could be targeted by a cyber attack.

The report claims that the next generation of cars from both Audi and Tesla can be victims of car hacking, in April the researcher Nitesh Dhanjani, presented a study conducted on his own Tesla Model S Sedan, he reported a series of security issues that could be exploited to locate and unlock the vehicles.

Be aware attacks where cars are “taken over” wirelessly have not been widely demonstrated, but it is worrying the approach of principal car manufacturers that seems to be impassive to the continue warning of hacking community.

“At the moment there are people who are in the know, there are nay-sayers who don’t believe it’s important, and there are others saying it’s common knowledge but right now there’s not much data out there,” “We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars.” said the popular hacker Charlie Miller. 

As vehicles become more integrated with wireless technology, their surface of attacks will be enlarged in significant way giving to attackers much more opportunity to inject malicious code in the car components or to interfere with them.

Let’s hope car manufacturers will carefully assess their technologies, even if many of the components they integrates are designed by third-party companies.

(Security Affairs –  car hacking, car safety)