Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road.
Car cracking on a budget
The device, which will be shown off at next month's Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems.
"A car is a mini network," security researcher Alberto Garcia Illera told Forbes. "And right now there's no security implemented."
Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.
The device currently only works via Bluetooth, but the team says that they will have a GSM version ready by the time the conference starts. This would allow remote control of a target car from much greater distances, and more technical details of the CHT will be given out at the conference.
"The goal isn't to release our hacking tool to the public and say 'take this and start hacking cars'," said Vidal. "We want to reach the manufacturers and show them what can be done."
The duo aren't the first to demonstrate the total lack of security in the CAN bus system. At last year's DefCon convention, veteran hacker Charlie Miller showed how the CAN system was easily controlled using a laptop, and allowed modification of the car's firmware.
Both cracks need physical access – at least briefly – in order to work, but that's not impossible to achieve, and once the hardware's in place all you need to start causing trouble is a wireless signal. With the US government pushing for standards for car communications it might be an idea to insist there should be some security controls built-in, as well. ®