A tiny, cheap gadget which can ‘hack’ into the network of modern cars to receive radio commands ranging from controlling steering and brakes to switching off headlights is to be shown off at the Black Hat Asia security conference in Singapore next month.
A tiny, cheap gadget which can ‘hack’ into the network of modern cars to receive radio commands ranging from controlling steering and brakes to switching off headlights is to be shown off at the Black Hat Asia security conference in Singapore next month.
According to a report by Forbes’ Andy Greenberg, the attack requires physical access to the vehicle – but the gadget, designed by security reseachers Javier Vazquez-Vidal and Alberto Garcia Illera is so discreet, attaching to a car’s internal network via the Controller Area Network, and drawing power from the vehicle, that it could be used for delayed attacks. The hacking tool, which is just smaller than an iPhone, can then wireless commands once it is attached to the vehicle.
“It can take five minutes or less to hook it up and then walk away,” Spanish researcher Vazquez Vidal told Greenberg. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”
Vidal says that they have tested four different vehicles, and that the degree of control varies according to make – but that they were able to trigger emergency brakes, switch off headlights, and trigger alarms via the device.
Writing on the Black Hat Asia site,,. Vidal says, “In our previous presentation, we learned how did the security in some car ECUs work, and we demonstrated how it could be bypassed to modify their internal parameters, and even to recover a bricked ECU. All of this was done over K-Line, a protocol that was used on all vehicles up to 2010. This time, we will go one step further, introducing the security existing in modern CAN bus enabled vehicles, and of course, how it can be bypassed. We will show a custom made tool that costs less than $20 to build and that is able to access the CAN bus system, giving the possibility of taking control over a CAN enabled vehicle remotely just by hooking four wires.”
Thus far, the CHT (Can Hacking Tool), works via Bluetooth, so it has limited range, but Vidal intends to upgrade it to receive GSM signals via a cellphone network. Vidal claims the tool is “totally untraceable”
Last year, a U.S. senator warned that modern cars were increasingly vulnerable to attack by hackers – either stealing information, or injecting malware, a U.S. Senator warned in a letter to 20 major auto manufacturers last year, as reported by We Live Security.
Senator Edward J Markey, Democrat, Massachussets, pointed out in his publicly available letter that average cars now have up to 50 electronic control units, often controlled by a car “network”.
The open letter ignited a spate of commentary, with Market Oracle describing the crime as “cyberjacking”, and pointing out that the average family car contains 100 million lines of computer code, and that software can account for up to 40% of the cost of the vehicle, according to researchers at the University of Wisconsin-Madison.
Hacks against cars have been demonstrated before – but thus far, all have relied on attackers having physical access to the vehicles. At the DefCon conference this year, two researchers showed how they could seize control of two car models from Toyota and Ford by plugging a laptop into a port usually used for diagnostics, as reported by We Live Security here.
So far, though, attacks where vehicles are “taken over” wirelessly have not been widely demonstrated.
“At the moment there are people who are in the know, there are nay-sayers who don’t believe it’s important, and there are others saying it’s common knowledge but right now there’s not much data out there,” said Charlie Miller, one of the ‘car hackers’ at Defcon. “We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars.”
