A A A
    by: Craig Howie | AOL Autos
     

    Securing your vehicle used to consist of making sure all the doors were locked, keeping valuable items hidden out of sight and parking it in a safe, preferably off-street location.

    But a new generation of cars includes more tech wizardry than a jumbo jet, raising consumer concerns that vehicles are more vulnerable than ever to light-fingered criminals. In these times, however, those light fingers are more likely to be twiddling on a laptop or remote-entry system than sticking a wire clothes hanger through a cracked window.

    A new study proves that the movement away from pure mechanization to digitization is exposing us to new opportunities for vulnerability. It's becoming increasingly easier to access all vehicles controls from one central location. The car's ECU, or electronic control unit, is the brain of your grocery getter. A team of researchers from The University of Washington in Seattle and The University of California San Diego recently took on the task of seeing if they could control a car's systems through its ECU.

    The two lead researchers for the project tested two identical 2009 model year vehicles (they did not reveal the name of the car), plugging their laptops into the controls for the ECU and running a software system. Their findings show that there are two main hacking threats to you car:

    - Physical Access: "Someone -- such as a mechanic, a valet, a person who rents a car, an ex-friend, a disgruntled family member, or the car owner -- can, with even momentary access to the vehicle, insert a malicious component into a car’s internal network via the ubiquitous OBD-II port (typically under the dash). The attacker may leave the malicious component permanently attached to the car’s internal network or, as we show in this paper, they may use a brief period of connectivity to embed the malware within the car’s existing components and then disconnect."

    - Wireless interfaces: "In our car we identified no fewer than five kinds of digital radio interfaces accepting outside input, some over only a short range and others over indefinite distance. While outside the scope of this paper, we wish to be clear that vulnerabilities in such services are not purely theoretical. We have developed the ability to remotely compromise key ECUs in our car via externally-facing vulnerabilities, amplify the impact of these remote compromises using the results in this paper, and ultimately monitor and control our car remotely over the Internet."

    After running tests using software with their laptops plugged in, the researchers were able to disable braking systems, control main vehicle functions and even turn off the engine, all while the test vehicle was traveling at speed.

    Security In Today's Cars

    Cars' vital functions, including steering, brakes and startup largely run on a system of interconnected electronic control units that form the car's central nervous system. These units run on millions of lines of computer code. It's estimated that the average premium new car runs on about 100 million lines of computer code, while Boeing's new 787 Dreamliner requires just 6.5 million code to function.

    Representatives from the Big Three told us, not surprisingly, that they are working hard to make sure security and privacy are paramount. All the while, consumer demand is creating something of a supercomputer in every vehicle.

    Ford, GM and Chrysler all have introduced wireless internet systems that allow consumers to surf the internet while in or around the vehicle and download music and road-trip directions to an in-car computer. Most in-car wireless systems work in much the same way as a home-internet wireless connection and require a password to gain entry to the network, said Chrysler's Nick Cappa. This basic step, he says, prevents almost all security breaches of the car's wireless system.

    Cappa says that the system offered by Mopar as an option on certain Chrysler, Dodge and Jeep models is independent of, and not integrated with, a car's central electronics systems, including its hard drive and the media library.

    "Think of its as a picnic table you can use in the vehicle but you can also detach and use outside the vehicle," he said.

    Similarly, when a new user wishes to log-in to Ford's wireless internet system the driver must give their permission for a connection to be established, which prevents "piggybacking," according to company spokespeople. A music-encryption system also prevents anybody from removing or copying tunes from the car's on-board library by wireless connection or by plugging the hardware into another car. Its route finder information can be locked from prying eyes by a four-digit PIN code (similar to an ATM card's) when needed. Ford also says the SecuriLock engine-start system only works with a designated key that sends a unique signal code to a transponder in the engine amid some 72-million-billion code configurations (which would severely challenge the most dexterous of hackers).

    While your ride seems to be safe at the moment, the threat looms ahead. All the while, it never hurts to park your car off-street and tuck away your valuables, either.

    Quick Shopping Tools:

    Research New Cars

    Cars for Sale in Your Area

    Get Repair Estimates

     
    Discuss
    1 - 20 of 89 Comments
    vdrobnitsa Jun 17, 2010 10:24 AM
    Hey mbteck1 dont bother to explain these guys that all this sorts of fears like hacking a car via multimedia network is just bull crap. They just like to think it is possible. I wont be surprised if in meanwhile someone will write an article How Thieves Are Planning On Hacking Into Your Microwave or TV or Washer/Dryer
    Report This
    sharkyid Jun 17, 2010 1:12 AM
    Pretty soon you won't be able to drive to work because your car and other caught a virus just those that people relaease on the internet. The computer thing has been taken way too far with cars. I wonder if a hacker could cause you to be in an accident maybe stop your brakes or steering from working. Rise of the machine.
    Report This
    kmcolli8 Jun 16, 2010 10:26 PM
    Oh wow Howie! Gee are you going to tell us any more secrets that muggers, lovers and thieves are just jonesin for. What a dumb beavis butt! Actually you kind of look like his brother!
    Report This
    mommie112508 Jun 16, 2010 8:46 PM
    In all honesty, this right here is journalism ****** greatest although I do have a bone to pick with the author. Is your initiative to put these thoughts into others minds' instead of going straight to the CEO of the company and informing on the bugs or is it you don't give a damn but your advancement in your career. Do not stress what appears your concerns over this issue when your putting it right out there for those criminals to take it, study and needless to say get away with it! How about this, fess up working with the criminals, giving them props and studies. You should be ashamed of yourself. This is coming from a young woman, 24 yrs old. Although the age may seem young but the wisdom holds more strength, apparently even more so to...how old are you?! Get a grip, realize what you have just done...thanks a million for adding to the chaos.
    Report This
    xnadesgoboomx Jun 16, 2010 8:32 PM
    These hackers on steroids are simply doing it for the lulz, an abomination of the term lol, which stands for Laugh Out Loud. They hack into your facebook, your email even your myspace dot com account and tear it apart. They go on imageboards and and plan invasions, these...terrorists have even hacked so many people, they've had to change their numbers, their names and even buy a dog.
    Report This
    nyc2tpa Jun 16, 2010 8:30 PM
    This actually has been around for a few years now. My last two vehicle purchases were followed by the same step...remove the fuse for the key-less entry. Of course, you have to open the doors like an '86 K car but you'll still be able to reach for your mp3 player or snazzy tire gauge.
    Report This
    mbteck1 Jun 16, 2010 8:09 PM
    The 2010 Mercedes Benz S-Class has 8 Networks and 2 Multimedia net works. * Of the net woks operate on the CAN system at speeds so slow not even a limp wrested dangleberrys can figure it out. The only net work in the article that was worth even mentioning was the Infotainment breach they where able to get into, not a big deal because every dumb ass knows that architecture anyway. So there is no substance in this article. I sort through every network issue known to the Mercedes Benz line. And have to say what a bunch of crap this article really is. I just go to show... You know what you know and DONT know what you dont know. Stay in the office and out of the automotive biz.
    Report This
    bearstar55 Jun 16, 2010 8:04 PM
    A 44 Auto-Mag will stop their dumbass pretty damn quick ! That's what all them ***** wannabe gangstas carjackers deserve anyway! A 44cal. Eye right in the middle of their foreheads! Sorry ass MotherF#@*ers!
    Report This
    va6 Jun 16, 2010 8:01 PM
    hacking cars is just POPULATION CONTROLL. just like doctors know you arnt gunna live forever POPULATION CONTROLL. thins the heard killing the week stupid and poor while the whitty and strong survive POPULATION CONTROLL. so in closing next time you CHOOSE to be a annoying TURD and cut off someone with a laptop a spare rider some time and a ton load of boredom just word to thoes ANNOYING CITIZENS take the time and remember BORED annoyed people may have nothing bettter to do with there time than idle follow you untill one day you park that HUMMER or anything thats is COMPUTER FRIENDLY and watch your rear .remember all the best serial killers in the land all had TOO MUCH TIME ON THERE HANDs do you wanna be the annoying citizen that gets too annoyed ?
    Report This
    bearstar55 Jun 16, 2010 8:01 PM
    Your typical everyday street thug , ***** wannabe gangstas that hijack cars don't have the brains or tech know-how to do this sorta of high-tech car jacking. Their ghetto educated brains only alllow them to steal the vehicles the old school method. Bust the windows and jack up the ignition or hot wire it.Most of them are school drop-outs and don't have the smarts to do this sorta of Hi-Tech theivery!
    Report This
    gr8bsn Jun 16, 2010 7:56 PM
    truckindude68 - Really, gestapo belts? Know what? No one is impressed by your disregard for personal safety now, and no one will be impressed when you get torn to shreds by your windshield. Meanwhile, the rest of us are paying higher insurance premiums because of people like you.
    Report This
    gr8bsn Jun 16, 2010 7:54 PM
    They also can't hack the Colt and the Louisville Slugger that I carry in my car at all times.
    Report This
    mbteck1 Jun 16, 2010 7:52 PM
    I am a 30 year Mercedes Benz Master Tech.. and this is the bigest bunch of crap I have ever read ..
    Report This
    gr8bsn Jun 16, 2010 7:52 PM
    They can't hack my 68 bug...
    Report This
    bigbri1977 Jun 16, 2010 7:44 PM
    HACKERS ARE TERRORIST AND MUST BE PUNISHED AS SUCH.
    Report This
    pks29733steel Jun 16, 2010 7:40 PM
    To 'stormint', currently I'm on a 'wi-fi' (if you know what that is) allowing me to 'surf' the internet. I don't have a internet account. I'm 'piggybacking' on someone' unsecured 'wi-fi' signal. 'Hacking' into a computer is easy, a car's might take just abit more time. stormint, I'm not (as to quote you) 'MOP HEADDED LIMP WRISTED LITTLE COMPUTER WIZZES WANTS TO TAKE ON MY CAR...). I'll take your challange in a heartbeat on one condition... If I win you'll have to box (it won't be sparring) for 6 rounds. I'm not concerned of your size (biggest person I knocked out was 281) so your size is not a concern to me (142 Lbs.). Yep I'm a 'computer wizzes' that has box 15 years in the ABF/USA and two years pro. Let me know when you want me to disable your car.
    Report This
    mvlovesrally Jun 16, 2010 7:37 PM
    Why can't they just make cars more like cars and less like computers? They need to make things more old-school and less technological.
    Report This
    fkurtin Jun 16, 2010 7:35 PM
    WELL, this is what you get when you keep buying the new crap vehicles they produce, Lets just see some punk try this crap on my 64 gmc 1/2 ton, moral of the story is stop setteling on new crap at 5 times the price. plus I get 27mpg with a V-8 in town and zero loss in HP,
    Report This
    jacolg15 Jun 16, 2010 7:33 PM
    wow thanks for letting people know how to do this. bad idea. many people who hadn't thought about doing this hopefully don't have aol and won't find out about this article. i agree with tmybaby44, fix the problem then advertise it. who's side are you on anyways? the victim or the criminal? apparently the criminal.
    Report This
    tmybaby44 Jun 16, 2010 7:09 PM
    GEEZZZZZZZZZZZZZZZZ FIX IT DON'T ADVERTISE IT......... THE MAKERS OF THESE CARS NEEDS TO DO AND RESOLVE THIS PROBLEM NOT THE BUYER. PLUS ADVERTISING THIS WILL CAUSE MORE THATS WHATS WRONG WITH HALF THE CRAP THAT GOES ON IN THIS WORLD, FIX THE DAMN PROBLEM THEN ADVERTISE IT.... GOOD LORD HELP YOU. F I X ITTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT........
    Report This
    1 - 20 of 89 Comments
     
    Leave A Comment?
    Please keep your comments relevant to the How Thieves Are Planning On Hacking Into Your Car article.
    ABUSE REPORT

    From:

    Your Comment:
    Send Report Cancel