Who is Really Driving?

It’s no secret that the computer systems on vehicles have made great strides over the years. Over the course of time from the very first vehicle that had an onboard computer system ( 1968 Volkswagen) all the way to the present, the on board diagnostic system of cars have gone from an interesting luxury to making vehicles a computer on wheels. The things that a computer system allows you to do with your cars nowadays are simply astounding. While there is still a lot to be determined as to how far these vehicle computer systems will go, one thing is for sure, with more computer interactivity comes more potential attack vectors for attackers.

The recent increase in attack vectors of vehicles have been spurred on by tons of research and testing. A lot of tests have been run on vehicles lately to determine just how much control a hacker could get over a vehicle remotely and the answer is, a whole lot. From controlling something as harmless as the radio to taking over the entire car and ensures the brakes do not work properly, it can all be done remotely. A good reflection of the vulnerabilities that lie within a cars computer system is shown within Andy Greenberg’s article which I am going to use primarily to show you the potential for complete takeover that lie within a cars computer system.

This article is about the recent exploits found in the latest model of Chrysler vehicle’s by Charlie Miller a security engineer at twitter and Chris Valasek a director of vehicle safety research at IOActive. According to most of my research a singular area of weakness within vehicles is the CAN. CAN stands for (Controller Area Network) and it is an inexpensive low-speed serial bus for interconnecting automotive components. In this particular test the hackers got into the cars computer system via another attack vector, however in order to carry out any kinds of command or attack they had to first pivot to the CAN. Once they had reached the CAN they were able to perform numerous different tasks against the drivers will. They started with something small such as turning on all of the fans in the car and turning the radio all the way up. All the way up to making the vehicle slow from 70 mph to a slow crawl on the highway.

It is no secret that cars are becoming increasingly vulnerable, however in order to prevent this from becoming a bigger problem we must educate everyone. A lot of the payloads along with strategies for taking over vulnerable vehicles have not yet been released, however at Defcon this year it was said that some insight into the technical commands that are required to take over a car will be shared before the end of the year. That information will prove vital towards us patching the cars computers as well as strengthening them for the future.

Yea it was more fun and games in this exhibit however, out in the real world hackers are using these vulnerabilities with much worse intentions. A few months ago a hacker followed a potential victim on the highway and was able to get into his CAN system and trigger the low tire pressure light. When the driver pulled over to inspect his tires he was then robbed by the hacker at gunpoint.  While these instances seem farfetched, they happen and are definitely capable of happening numerous times if people are not informed on best course of action.

To think that only 2 years ago we did not know how to hack vehicles without being directly connected to them. Now that we can do it wirelessly who know where we will be in the next 2 years. The researchers were able to control all dashboard and transmission based actions and have said that they are now working toward perfectly steering wheel control. Once that has been figured out the level of severity that lie within this vulnerability will sky rocket. It is one thing for a hacker to take the car over and shut things down, however if they are able to take over the steering wheel, you then just become a helpless pawn for whatever they want to do. That is a very scary and helpless feeling that could come to fruition if we don’t take back control and ensure that only the person behind the wheel of the vehicle has control.

Fabrice Mouret