When people hear about computer hacking, their minds usually turn toward laptops, cell phones, and tablets. Thoughts of computer viruses invading our electronics, stealing passwords and personal information flood us with paranoia, and yet one of the last places we tend to think about are our cars — even though nowadays they are primarily run by computers. Perhaps it’s because our automobiles don’t contain social security numbers or bank account information, but thieves can hack your car computer, and that could prove deadly.
That’s the findings from Chris Valasek and Charlie Miller who have been featured in Forbes and on NPR and the Today show. The duo were given a grant from the Defense Advanced Research Projects Agency (DARPA) in order to see just how vulnerable our cars are. They used a Toyota Prius and a Ford Escape, and tapped into the electronic control units (ECU) in the vehicles. ECUs are the network of computers found in virtually every car sold today, and they control everything from automatic locks and your on-board display, to steering, breaking and more.
As the NPR report explains:
All these little devices talk to each other on an open network. They listen in to every message that’s sent, and they don’t verify where a specific command is coming from. Miller says all of this makes cars easy to attack. Any sensor attached to the processor on the network is vulnerable. So after Miller and Valasek learned the code that controlled the ECUs on the two cars they were testing, they were able to cause all kinds of havoc.
For example, they made the cars to accelerate and brake without the driver’s control, as well as jerk the wheel while driving at high speeds, honk the horn, jerk seatbelts and more. More worrisome, they could shut off the brakes entirely. The two used standard computers to get the job done, but could this be extended even further, with hackers remotely tapping into a car’s system via the phone’s Bluetooth device to turn it on, steal it, or cause bodily harm?
At the moment that seems doubtful, and more like a potential plot device for a TV show where the victim is murdered via a cyber attack on his fancy new car. Indeed, the report explains that it’s unlikely a hackers will attack your car any time soon. “All cars don’t all use one operating system and they don’t all speak one single language,” the report states. “So before a hacker can take control, he or she has to learn the specific code that runs the systems for that specific car.”
However, the threat is out there, so Miller and Valasek tried sharing their findings with Toyota and Ford before going public. While both companies say they take the research seriously, they’re still convinced their cars are safe.
Check out the Forbes video above, which shows some of Miller and Valasek’s research in action.