Car Hacking: Here s Code, Have at It, EE Times
Sign Up / Sign In
Welcome back, <* welcomeName *>!
Welcome Back
Please confirm the information below before signing in. Already have an account? Sign In.
Please wait you will be redirected shortly.
We’ll send you a link to create a fresh password.
We’ve sent an email with instructions to create a fresh password. Your existing password has not been switched.
Sorry, we could not verify that email address. Inject your email below, and we’ll send you another email.
Check your email for a link to verify your email address.
Thank you for verifiying your email address.
Password Switched
Your password has been successfully updated.
Create Fresh Password
We didn’t recognize that password reset code. Inject your email below, and we’ll send you another email.
Create Fresh Password
We’ve sent you an email with instructions to create a fresh password. Your existing password has not been switched.
Car Hacking: Here’s Code, Have at It
8/7/2013 06:05 PM EDT
Two white hats who checked out how to hack into the network of ECUs used in modern cars have now released all the code and contraptions they used in a 100-page technical paper.
MADISON, Wis. — News stories about hackers successfully taking control of cars, using old Nintendo game pads, have been popping up on the Internet over the last few weeks.
The car hackers were actually two security researchers — Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive. These two white hats used a grant from the Defense Advanced Research Projects Agency (DARPA) to suss out how to hack into the network of electronic control units (ECUs) used in modern cars and see what mischief they could do once they gained access.
The cars they hacked into were a two thousand ten Ford Escape and a two thousand ten Toyota Prius.
The methods they used were unveiled last Friday at Def Con, a security conference, in Las Vegas. The two researchers also posted a 100-page technical paper here.
Obviously, Miller and Valasek didn’t do this just for the heck of it, or even for the sake of media attention.
In the tech paper, the two researchers make clear that they released “all technical information needed to reproduce and understand the issues involved including source code and a description of necessary hardware.”
Also acknowledged by Miller and Valasek was the genesis of their work in earlier research by a team at the University of Washington. Collaborating with colleagues from the University of California-San Diego, they put together a technical paper entitled “Comprehensive Experimental Analyses of Automotive Attack Surfaces.”
The same tech paper was quoted in EE Times’ previous story, How Hackers Can Take Control Over Your Car.
The work at Washington and Cal-San Diego was tightly circumscribed. It “was meant to only demonstrate the existence of such threats” of malicious deeds that could affect the safety of automotive systems, wrote Miller and Valasek in their tech paper. “They did not release any code or instruments. In fact, they did not even expose the model of automobile they studied.”
So, the mission Miller and Valasek undertook in their latest exercise was to “expand on the idea” of the previous research and “to demonstrate how on two different vehicles that in some circumstances we are able to control the steering, braking, acceleration and display.” The two researchers are also proposing a mechanism to detect these kinds of attacks in their paper.
(Source: tech paper authored by Charlie Miller and Chris Valasek)
In all fairness, in their demo, Miller and Valasek took over some of the car’s systems using a laptop computer connected to its OBD (on-board diagnostic) port, before they went out to drive it using a video-game controller.
