Modern cars are wired to support our favorite gadgets and be Internet-ready — and hackers are showing that this presents unique problems. Less than a month after two hackers ran a demonstration where they took control of a Jeep Cherokee via the Internet, a team of researchers has shown that savvy hackers could cut the brakes on a Corvette from a distance using technology that is standard on many dashboards today.
The team, which hails from the University of California at San Diego, told Wired about their findings, which they presented this week at the Usenix security conference. The technology in question? A cheap plugin device, about 2 inches square, used by trucking and insurance companies to track a vehicle’s speed and location. The team showed that hackers could potentially send “carefully crafted SMS messages” to the device, which would then be sent to the car’s internal operating systems, enabling the hackers to control many of the car’s functions, including but not limited to “cutting” its brakes.
As shown in the video, a clever hacker could easily handle all of this from their smartphone.
The Consumerist notes that General Motors is not the only company feeling the pressure as these security issues are being uncovered. In addition to the aforementioned Jeep (which is under the Fiat Chrysler umbrella), Tesla has also found itself facing scrutiny after having its cars tested and found wanting security-wise by hackers. And as more and more companies are requiring these devices as standard for security or insurance reasons, more and more drivers are potentially at risk. However, the “hackers” — or researchers, rather — are quick to point out that the true problem lies less with the car manufacturers themselves and more with the devices.
Mobile Devices, the creators of the Metromile dongle, claims that they put out security patches after hearing of the hackers’ results. But a quick search online revealed that, despite this, there are still thousands of at-risk vehicles on the road. And it wouldn’t take long for hackers to target a variety of cars — not just Corvettes — provided a device like the dongle gave them access.
The UCSD research team also makes it clear that hackers targeting one’s car could only cut the brakes when the car in question is going at a relatively low speed due to limitations on the car’s internal computer. However, they also note that it would be possible to adapt the code to take over other elements, such as power locks and even steering.
Chevrolet has yet to offer a comment on the hackers’ experiment or the security of their vehicles.
[Image: Michael Gil / Wikimedia Commons]