Two researchers are to demonstrate a “hack”
that allows control over automobile systems including brakes and
steering in models by Ford and Toyota – overriding the commands sent by
the driver.
The “hack” can’t be used to “remote control” a vehicle, but Charlie
Miller and Chris Valasek claim that their software can override the
Electronic Control Units (ECUs) in a Toyota Prius and Ford Escape, by
plugging a MacBook into a diagnostics port used by mechanics.“‘Imagine you’re driving down a highway at 80 ,’ Mr Valasek said in an interview with Forbes. ‘“You’re going into the car next to you or into oncoming traffic. That’s going to be bad times.”
The researchers stress that they have not created a mechanism for remote attacks, and say that their research aims to raise awareness of vulnerabilities in these systems.
“At the moment there are people who are in the know, there
are nay-sayers who don’t believe it’s important, and there are others
saying it’s common knowledge but right now there’s not much data out
there,” said Mr Miller, in an interview with the BBC. “We would love for
everyone to start having a discussion about this, and for manufacturers
to listen and improve the security of cars.”
The hack will be shown off at DefCon 21 on Friday, August 2, in a presentation entitled “Adventures in Automotive Networks and Control Units”
“These types of message are usually used by mechanics to
diagnose problems within the automotive network, sensors, and actuators.
Although meant for maintenance, we’ll show how some of these messages
can be used to physically control the automobile under certain
conditions.,” says Valasek.
“So there you have it. While we are NOT covering any remote attack
vectors/exploits, we will be releasing documentation, code, tools,
sample traffic from each vehicle, and more. At the very least you will
be able to recreate our results, and with a little work should be able
to start hacking your own car!”
No comments:
Post a Comment