If you’re at all the slightest bit skeptical of the emerging capability of hackers to take control of your electronic devices, then don’t watch this video. Why? Because you may never drive your car again after you see how a couple of government-funded tech guys were able to hack into, and take control of, one reporter’s vehicle — while he was driving it.
The experiment was the product of Forbes reporter Andy Greenberg, who wanted to see just how vulnerable cars are to hacking by Charlie Miller and Chris Valasek, two researchers who received an $80,000 grant from the Pentagon’s research wing, DARPA, to study such vulnerabilities. The scary answer — shown in a video report — to how vulnerable is “very.”
Take for example that Miller, while plugged into the car’s computer system in the back seat — could do things like change how much fuel the car appears to have, alter the speedometer reading, actually turn the steering wheel, honk the horn, and even mess with the brakes:
Greenberg describes the capabilities of the hackers this way [emphasis added]:
As I drove their vehicles for more than an hour, Miller and Valasek showed that they’ve reverse-engineered enough of the software of the Escape and the Toyota Prius (both the 2010 model) to demonstrate a range of nasty surprises: everything from annoyances like uncontrollably blasting the horn to serious hazards like slamming on the Prius’ brakes at high speeds. They sent commands from their laptops that killed power steering, spoofed the GPS and made pathological liars out of speedometers and odometers. Finally they directed me out to a country road, where Valasek showed that he could violently jerk the Prius’ steering at any speed, threatening to send us into a cornfield or a head-on collision.
“It’s quite terrifying when you don’t have brakes, right?” Miller jokes at one point. He then proceeds to turn them off, sending the car into the weeds.
“That’s the attack that crashed me into my garage,” Valasek admits.
“When you lose faith that a car will do what you tell it to do, it really changes your whole view of how the thing works,” Miller tells Greenberg. Here’s the video:
Miller is a 40-year-old security engineer at Twitter and Valasek is the 31-year-old director of security intelligence at IOActive, a consulting firm in Seattle. The duo plans on releasing their findings at the Defcon hacker conference in Las Vegas, August 1-4.
And don’t think that just because the duo hacked the controls while physically in the car that you should feel safe. Prior research has shown wireless access is as easy as using a car’s CD player [emphasis added]:
But Miller and Valasek’s work assumed physical access to the cars’ computers for a reason: Gaining wireless access to a car’s network is old news. A team of researchers at the University of Washington and the University of California, San Diego, experimenting on a sedan from an unnamed company in 2010, found that they could wirelessly penetrate the same critical systems Miller and Valasek targeted using the car’s OnStar-like cellular connection, Bluetooth bugs, a rogue Android app that synched with the car’s network from the driver’s smartphone or even a malicious audio file on a CD in the car’s stereo system.
“Academics have shown you can get remote code execution,” Valasek, told Greenberg. “We showed you can do a lot of crazy things once you’re inside.”
Forbes sums up just what that consists of in a graphic:
The capability comes at a time when some are theorizing the car-accident death of journalist Michael Hastings is suspicious. Hastings is the former Rolling Stone reporter who died in a fiery car wreck this summer after apparently sending an email that he was working on a big story. He is also the journalist whose reporting led to the resignation of Gen. Stanley McChrystal.
To be clear, neither Forbes nor the researchers insinuated their work could explain the crash. But many will certainly find it interesting.
“Imagine you’re driving down a highway at 80 ,” Valasek tells Greenberg in his report. “You’re going into the car next to you or into oncoming traffic. That’s going to be bad times.”
Read the fascinating report from Forbes.