On August 2, two security
experts will deliver the chilling news at Defcon, one of the world's largest hacking conferences, that cars are no less vulnerable to hacking than your tablet, phone, or desktop. There's one difference, though: car hacking poses more dangerous consequences.
Anyone who has visited a car show in the past few years knows that the automobile of today and tomorrow is fundamentally a computer system on wheels. Anyone who has read the headlines of technology news sites like this one also knows that where there is technology progress, there are technology risks.
In addressing the security audience at the upcoming Defcon event in Las Vegas on Friday, the researchers will reveal how they turned a laptop into a potentially lethal weapon as it took control of a car while someone else, Andy Greenberg of Forbes, was driving.
A Toyota Prius and a Ford Escape were used for the experiments. The results of the hack include forcing a Toyota Prius to brake while traveling, making the steering wheel jerk from side to side by hijacking the "park assist" feature, and disabling the brakes of a Ford Escape while it was traveling at a slow speed, according to Charlie Miller, a security researcher with Twitter, and Chris Valasek, director of security intelligence at computer security firm, IOActive.
Miller and Valasek are hackers of the "white hat" variety, who uncover software vulnerabilities to get a step ahead of real criminals.
These hackers can prevent the flaws from turning into nightmares for public and private organizations and end users. They told the BBC that they would "love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars."
The researchers connected the laptop to the vehicles' electronic control units (ECUs). The ECUs are part of a car's network that control actions such as accelerating, braking, and steering, by way of the on-board diagnostics (OBD) port. The sleuths were in the car, connecting to the OBD port ostensibly to overtake the car's functions.
However, IT managers could argue that this is not really "hacking" in the sense of someone taking control of a car's system remotely.
More Connectivity, More Challenges
Still, security experts firmly believe that when it comes to technology, build something new and attackers will figure out how to gain control.
While greater use of electronic controls and connectivity means power to enhance transportation safety and efficiency, as with new advancements in driverless cars, the same use brings a new challenge -- staying vigilant about potential vulnerabilities.
Wheeling and Dealing
Miller and Valasek intend to make their findings known at Defcon -- findings based on months of research funded by the government's research arm, the Defense Advanced Research Projects Agency (DARPA).
In the spirit of white hat hacking, which seeks to preserve the integrity of computer information, Miller told the BBC, "The information will be released to everyone. If you're just relying on the fact people aren't talking about the problem to stay safe, you're not really dealing with the problem."