Hack a car? Easy as 1-2-3 and very cheap: Researchers
Hacking a car is now far easier than you might think, according to researchers.
Spanish security researchers Javier Vazquez-Vidal and Alberto Garcia Illera plan to present a tiny gadget at the Black Hat Asia security conference in Singapore in March this year, which they claim can hack a vehicle. The gadget costs less than $20 and can be physically connected to a car's internal network to inject malicious commands, which may affect the windows, steering, brakes and more.
The hacking device can be connected to a vehicle's Controller Area Network (CAN) bus using just four wires. The gadget draws power from the vehicle's electrical system and receives wireless commands sent remotely by a hacker. The researchers call the gadget a CAN Hacking Tool (CHT).
"It can take five minutes or less to hook it up and then walk away," says Vazquez-Vidal, who also works as an automobile IT security consultant in Germany. "We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do."
The researchers say that the type of command that can be sent remotely with the CHT depends on the model of car. The duo claim that they have tested the gadget on four different vehicles and were able to remotely send commands such as switching off headlights, setting off alarms, rolling windows up and down, and more. The researchers declined to disclose the details of the vehicles they used for testing.
Installing the gadget on a vehicle takes only a few simple steps, and it can also access a car's anti-lock brake or emergency brake systems, which may be dangerous.
The researchers added that the CHT communicates only via Bluetooth, which limits the range of the wireless attack on a vehicle. However, the duo claim that they can also upgrade the gadget to use a GSM cellular radio, which could enable a hacker to control a car from miles away.
The hardware required to build the gadget consists of off-the-shelf components. Even if a person finds the CHT installed on a car, it may not give any information on who installed the device on the vehicle.
This is not the first time researchers have highlighted the lack of security in the CAN bus system. In July 2013, researchers Charlie Miller and Chris Valasek demonstrated a system using a laptop, which gave them access to some control aspects of a car.
"A car is a mini network," says Garcia Illera. "And right now there's no security implemented."