SALON

Tuesday, Jun 25, 2013 6:50 PM UTC

Hacking a car is way too easy

Could Michael Hastings' car crash have been caused by a remote attack? Technically, yes

By

Topics: Michael Hastings, Richard Clarke, car hacking, Hacking, Security,

Hacking a car is way too easy (Credit: Henrik5000 via iStock/Salon)

Conspiracy theories about the cause of the car crash that killed investigative reporter Michael Hastings on June 18 started sprouting immediately after the news of his death broke. So far,  no conclusive evidence supports foul play, but on Monday, counterterrorism expert Richard Clarke made news when he told the Huffington Post that the circumstances of Hastings’ car chase were “consistent with a car cyber attack.”

While hastening to state that he was not saying he believed the crash was a purposeful attack, Clarke did observe, reported the Huffington Post, that “‘There is reason to believe that intelligence agencies for major powers’ — including the United States — know how to remotely seize control of a car.”

Clarke served during both Bush presidencies and under Bill Clinton, so presumably he wasn’t speaking completely off the cuff. But just what is a “car cyber attack”?

The answer can be found in two alarming papers by researchers at the University of Washington and the University of California, San Diego, “Experimental Security Analysis of a Modern Vehicle,” and Comprehensive Experimental Analyses of Automotive Attack Surfaces.

Taken together, the papers make for scary reading. In the first the researchers demonstrate that it is a relatively trivial exercise to access the computer systems of a modern car and take control away from the driver. The second demonstrates that such mayhem can be achieved remotely, via a variety of methods. The inescapable conclusion: The modern car is a security disaster.

Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled bydozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks… We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.

We have endeavored to comprehensively assess how much resilience a conventional automobile has against a digital attack mounted against its internal components. Our findings suggest that, unfortunately, the answer is “little.”

The researchers’ findings are not theoretical. They were able to attack a 2009 model sedan and render its brakes ineffective while a test driver was operating the car.

The computerization of the modern car has been aggressively evolving for decades. (Ironically, the researchers credit California’s clean air laws in the 1970s with providing the first incentive for moving car engines into the digital era.) But it might come as a surprise to the average person just how interconnected and accessible today’s high-tech cars are. “Such [computer] systems have been integrated into virtually every aspect of a car’s functioning and diagnostics, including the throttle, transmission, brakes, passenger climate and lighting controls, external lights.”

There turn out to be multiple pathways for car hackers. Diagnostic tools used by mechanics can give hackers laptop access to critical systems. If an attacker is able to get a music file preloaded with malware onto your iPod, just plugging it into a car’s USB port could give that attacker full access. Nearly all new cars now have two-way cellular capability necessary for such systems as GM’s On-Star that are purposely designed to faciliate access to all-important systems.

Your car, ultimately, might be more vulnerable to attack than your computer or smartphone, because there’s little evidence that there has been any systematic thought devoted to vehicle cyber-security. Quite the opposite. Cars are increasingly designed to allow remote access via a variety of input systems.

Just one more reason why we should all be riding bikes.

Andrew Leonard

Andrew Leonard is a staff writer at Salon. On Twitter, @koxinga21. More Andrew Leonard.

You Might Also Like

More Related Stories

Featured Slide Shows

7 motorist-friendly camping sites

close X
  • Share on Twitter
  • Share on Facebook
  • Thumbnails
  • Fullscreen
  • 1 of 9

Sponsored Post

  • White River National Forest via Lower Crystal Lake, Colorado
    For those OK with the mainstream, White River Forest welcomes more than 10 million visitors a year, making it the most-visited recreation forest in the nation. But don’t hate it for being beautiful; it’s got substance, too. The forest boasts 8 wilderness areas, 2,500 miles of trail, 1,900 miles of winding service system roads, and 12 ski resorts (should your snow shredders fit the trunk space). If ice isn’t your thing: take the tire-friendly Flat Tops Trail Scenic Byway — 82 miles connecting the towns of Meeker and Yampa, half of which is unpaved for you road rebels.
    fs.usda.gov/whiteriveryou


    Image credit: Getty

  • Chattahoochee-Oconee National Forest via Noontootla Creek, Georgia
    Boasting 10 wildernesses, 430 miles of trail and 1,367 miles of trout-filled stream, this Georgia forest is hailed as a camper’s paradise. Try driving the Ridge and Valley Scenic Byway, which saw Civil War battles fought. If the tall peaks make your engine tremble, opt for the relatively flat Oconee National Forest, which offers smaller hills and an easy trail to the ghost town of Scull Shoals. Scaredy-cats can opt for John’s Mountain Overlook, which leads to twin waterfalls for the sensitive sightseer in you.
    fs.usda.gov/conf


    Image credit: flickr/chattoconeenf

  • Nordhouse Dunes Wilderness Area via Green Road, Michigan
    The only national forest in Lower Michigan, the Huron-Mainstee spans nearly 1 million acres of public land. Outside the requisite lush habitat for fish and wildlife on display, the Nordhouse Dunes Wilderness Area is among the biggest hooks for visitors: offering beach camping with shores pounded by big, cerulean surf. Splash in some rum and you just might think you were in the Caribbean.
    fs.usda.gov/hmnf


    Image credit: umich.edu

  • Canaan Mountain via Backcountry Canaan Loop Road, West Virginia
    A favorite hailed by outdoorsman and author Johnny Molloy as some of the best high-country car camping sites anywhere in the country, you don’t have to go far to get away. Travel 20 miles west of Dolly Sods (among the busiest in the East) to find the Canaan Backcountry (for more quiet and peace). Those willing to leave the car for a bit and foot it would be remiss to neglect day-hiking the White Rim Rocks, Table Rock Overlook, or the rim at Blackwater River Gorge.
    fs.usda.gov/mnf


    Image credit: Getty

  • Mt. Rogers NRA via Hurricane Creek Road, North Carolina
    Most know it as the highest country they’ll see from North Carolina to New Hampshire. What they may not know? Car campers can get the same grand experience for less hassle. Drop the 50-pound backpacks and take the highway to the high country by stopping anywhere on the twisting (hence the name) Hurricane Road for access to a 15-mile loop that boasts the best of the grassy balds. It’s the road less travelled, and the high one, at that.
    fs.usda.gov/gwj


    Image credit: wikipedia.org

  • Long Key State Park via the Overseas Highway, Florida
    Hiking can get old; sometimes you’d rather paddle. For a weekend getaway of the coastal variety and quieter version of the Florida Keys that’s no less luxe, stick your head in the sand (and ocean, if snorkeling’s your thing) at any of Long Key’s 60 sites. Canoes and kayaks are aplenty, as are the hot showers and electric power source amenities. Think of it as the getaway from the typical getaway.
    floridastateparks.org/longkey/default.cfm


    Image credit: floridastateparks.org

  • Grand Canyon National Park via Crazy Jug Point, Arizona
    You didn’t think we’d neglect one of the world’s most famous national parks, did you? Nor would we dare lead you astray with one of the busiest parts of the park. With the Colorado River still within view of this cliff-edge site, Crazy Jug is a carside camper’s refuge from the troops of tourists. Find easy access to the Bill Hall Trail less than a mile from camp, and descend to get a peek at the volcanic Mt. Trumbull. (Fear not: It’s about as active as your typical lazy Sunday in front of the tube, if not more peaceful.)
    fs.usda.gov/kaibab


    Image credit: flickr/Irish Typepad

  • As the go-to (weekend) getaway car for fiscally conscious field trips with friends, the 2013 MINI Convertible is your campground racer of choice, allowing you and up to three of your co-pilots to take in all the beauty of nature high and low. And with a fuel efficiency that won’t leave you in the latter, you won’t have to worry about being left stranded (or awkwardly asking to go halfsies on gas expenses).


    Image credit: miniusa.com

  • Recent Slide Shows

  • Share on Twitter
  • Share on Facebook
  • Thumbnails
  • Fullscreen
  • 1 of 9

Related Videos

Comments

Loading Comments...

follow salon

Most Read

Popular on Reddit

links from salon.com

From Around the Web

Presented by Scribol
listener_new_rect The Listener: "The Joker": Laughing at life's deepest sorrows