Oct 25, 2016 07:32 AM
"Automobiles may be getting more advanced, but that doesn’t mean they are immune to hacks.
The latest cars, stuffed with technology that collects driving data and makes keys obsolete, are far “smarter” than older vehicles. However, all those features come at a cost when it comes to how easily hackers can infiltrate car computer systems.
Security researchers from the University of Washington and the University of California, San Diego took to the stage at a conference on Tuesday to describe how they were able to remotely break into vehicle electronics through an array of security holes. Speaking at the Enigma Security Conference in San Francisco, they discussed how cars have evolved over the years into computers on wheels that crafty hackers can penetrate under the right circumstances.
One particularly sensitive entry point for hacking is the legally required OBD II port, which is basically “the Ethernet jack for your car,” said Stefan Savage, a University of California, San Diego professor of computer science and engineering. It is typically located below the dashboard on the driver’s side.
This port acts as the car’s command center that connects to all of the different computers systems, said Savage. Mechanics often plug directly into this port to retrieve diagnostics for the car’s emissions, mileage, and engine errors.
However, hackers who directly connect their laptops to the port through an intermediary device can basically plug into car’s control system and “have access to everything,” said Savage. “Once you get inside this network, all bets are off,” he said.
With cars containing multiple computers coupled together through a maze of networks, it’s also possible to break into the car’s command center without having to physically plug something into the port. Hackers just have to find a hole somewhere within one of the networks to sneak in.
These holes are often created from software conflicts that emerge when code from one device like a CD player communicates with code from another device like a car’s on-boarding system. There’s so much code in a typical car from so many different vendors that it can be virtually impossible for auto makers to know all the software inside their vehicles, he explained.
In 2010, Savage and his and his research team demonstrated how they were able to wirelessly hack into the command centers of a 2009 Chevy Impala through the OBD-II port. They were able to manipulate the car’s braking system so that the vehicle suddenly stopped or failed to function at all.
Wired reported that it took General Motors GM -4.24% five years to completely fix the bug and ensure that future models wouldn’t have the same vulnerabilities...."
---http://fortune.com/2016/01/26/security-e...hack-cars/
The latest cars, stuffed with technology that collects driving data and makes keys obsolete, are far “smarter” than older vehicles. However, all those features come at a cost when it comes to how easily hackers can infiltrate car computer systems.
Security researchers from the University of Washington and the University of California, San Diego took to the stage at a conference on Tuesday to describe how they were able to remotely break into vehicle electronics through an array of security holes. Speaking at the Enigma Security Conference in San Francisco, they discussed how cars have evolved over the years into computers on wheels that crafty hackers can penetrate under the right circumstances.
One particularly sensitive entry point for hacking is the legally required OBD II port, which is basically “the Ethernet jack for your car,” said Stefan Savage, a University of California, San Diego professor of computer science and engineering. It is typically located below the dashboard on the driver’s side.
This port acts as the car’s command center that connects to all of the different computers systems, said Savage. Mechanics often plug directly into this port to retrieve diagnostics for the car’s emissions, mileage, and engine errors.
However, hackers who directly connect their laptops to the port through an intermediary device can basically plug into car’s control system and “have access to everything,” said Savage. “Once you get inside this network, all bets are off,” he said.
With cars containing multiple computers coupled together through a maze of networks, it’s also possible to break into the car’s command center without having to physically plug something into the port. Hackers just have to find a hole somewhere within one of the networks to sneak in.
These holes are often created from software conflicts that emerge when code from one device like a CD player communicates with code from another device like a car’s on-boarding system. There’s so much code in a typical car from so many different vendors that it can be virtually impossible for auto makers to know all the software inside their vehicles, he explained.
In 2010, Savage and his and his research team demonstrated how they were able to wirelessly hack into the command centers of a 2009 Chevy Impala through the OBD-II port. They were able to manipulate the car’s braking system so that the vehicle suddenly stopped or failed to function at all.
Wired reported that it took General Motors GM -4.24% five years to completely fix the bug and ensure that future models wouldn’t have the same vulnerabilities...."
---http://fortune.com/2016/01/26/security-e...hack-cars/