Modern vehicles are equipped with everything from GPS modules to Bluetooth-enabled cellular systems. But researchers have found that the electronic gadgets that make our lives easier may also make our cars easier to steal. A team of engineers from the University of California, San Diego and the University of Washington has figured out how to break into a typical sedan by hacking into the car's internal computers. Here, a brief guide:
Is it really possible to hack a car?
Yes. Scientists first managed to do it last year, using the onboard diagnostic port which is located under the dashboard of almost all modern cars. By plugging in a laptop, they were able to kill a car's engines, lock its doors, turn off its brakes, and fake speedometer readings. Now, the same group of researchers managed to hack into a 2009 sedan without even entering the car.
How many computers does a modern car typically have?
A typical luxury sedan contains about 100 megabytes of code controlling between 50 and 70 tiny computers inside the car. These tend to communicate over a shared network, which is why it's so easy for hackers to take control of a car. "Once you're in, you're in," says Stefan Savage, a UCSD computer scientist who helped conduct the research.
How did they break in wirelessly?
Using the car's CD player. By adding a few lines of code to a digital music file, the researchers were able to turn a song burned onto a CD into a "Trojan horse" virus. When the CD was played on the in-car stereo, the virus accessed its computer system and gave the would-be hackers an entry point.
Wait, wouldn't a thief need to get his CD inside the car before stealing it?
In this case, yes. But researchers also found a way in by hacking the car's cellular security and assistance system — the kind of in-car computer offered by GM's OnStar service, for example. The engineers made around 130 calls to the car, and uploaded a virus by playing 14 seconds of infected audio.
This sounds like pretty high-tech stuff. Wouldn't it be way over the head of most car thieves?
It certainly would, says Savage. Petty larcenists aren't going to be hacking into your car anytime soon. "This took 10 researchers two years to accomplish," he said. "It's not something that one guy is going to do in his garage." But more-sophisticated criminal networks could make use of the technology.
How can these thieves be stopped?
Carmakers are reportedly taking these security issues "very seriously," say the researchers, but haven't said what they plan to do to make their computer systems unhackable. Luckily, says Robert McMillan at PCWorld, they have built-in security against widespread hacking, in that cars' electronic control units are never mass-produced. "Even though an attack might work on one year and model of vehicle," McMillan says, "it's unlikely to work on another."
Sources: Discover, PCWorld, Technology Review (2)
