TR Editors' blog

Researchers Hijack a Car's Brakes and Engines

Though the attack now requires physical access to the car, the researchers warn about the dangers of future network-connected cars.

Erica Naone 05/14/2010

  • 13 Comments

Never mind faulty electronic accelerators--researchers have now shown how to hijack a car's electronic system, overriding the driver's control over both its brakes and engine.

The recent controversy concerning flaws in Toyota's electronic throttle systems shows how serious the results can be when the embedded systems in automobiles go awry. Researchers from the University of Washington and the University of California San Diego are now looking at what can happen when those systems are attacked maliciously.

These efforts are described in a report from the Center for Automotive Embedded Systems Security, a new research center formed to explore emerging automotive technology. The work will be presented next week at the IEEE Symposium on Security and Privacy in Oakland, CA. The researchers say that, assuming an attacker has physical access to the interior of the car they studied, she could take control of many of its computerized systems.

The researchers write:

In live road tests, we were able to forcibly and completely disengage the brakes while driving, making it difficult for the driver to stop. Conversely, we were able to forcibly activate the brakes, lurching the driver forward and causing the car to stop suddenly. We were also able to control the lighting within the cabin, the external lighting, the vehicle's dash, and so on.

The researchers tested two makes and models of modern cars, but they expect the security problems they found will affect other vehicles.

They emphasize that car owners shouldn't be alarmed, however, because the attacks require physical access to the interior of a vehicle. Their main concern is a growing trend in the automotive industry to fit automobiles with external wireless connections. Just as security problems in desktop computers became more significant with the advent of broadband, network-connected cars could be a bigger target, the researchers say.

Print

Close Comments

To comment, please sign in or register

Forgot my password

Marrach

34 Comments

  • 634 Days Ago
  • 05/14/2010

Oh goody. . .

    Just another thing I kinda wish we really didn't know was possible.

   New High Octane Terrorist Plot Action Movie in 5. . .4. . .3. . .2. . .1. . .

Reply

erbium

337 Comments

  • 634 Days Ago
  • 05/14/2010

Not so impressive

If I have physical access to ANY care, computerized or not, I can 'HIJACK' the brakes by draining the brake fluid, cutting emergency brake line, removing the coil or spark plug wires or many other low-tech methods.

Hopefully they'll keep remote access from doing this when cars become networked.   There's alot of useful stuff being networked could do:  download engine or transmission alerts to user, track gas purchases, repairs.  Keep track of distances of places you drive to, and my fav, the 'robo-driver', which you would simply tell to drive you somewhere and it would.   The consumer version of the darpa races of ai cars.

Reply

AjoyBhatia

2 Comments

  • 631 Days Ago
  • 05/17/2010

Re: Not so impressive

"Hopefully they'll keep remote access from doing this when cars become networked."

The keyword above is Hopefully. Judging from security hacks on the Internet, my hopes are not very high. The risk-to-reward ratio may be low when you are just on a desk and logged on, but in a car and network-connected... er.. no, thanks. I can drive myself, thank you.

Reply

devassocx

110 Comments

  • 631 Days Ago
  • 05/17/2010

hacking car electronics

I just want to know if there is somebody else
I can sue about all of this.

Reply

Centuno

1 Comment

  • 631 Days Ago
  • 05/17/2010

Network security and Information security assessment

In this competitive edge you need best security and safety solutions for your valuable data and in the market there are so many companies providing security services but you need the best Network Security Solutions and Information Security Assessment so centunosolutions.com is the perfect name for all the Penetration testing.

Thanks
centunosolutions.com

Reply

c_floryan

5 Comments

  • 631 Days Ago
  • 05/17/2010

Why?

... And why exactly do we need "network connected" cars??

Reply

fiberman

185 Comments

  • 631 Days Ago
  • 05/17/2010

Re: Why?

For a start, emission controls. The engine network senses temp, RPM, atmospheric pressure, manifold pressure, etc. crankshaft position, then controls the fuel injection, ignition timing, valve timing, throttle body, if there is one, and communicates with other networks in the car (via networks like Flexray), like the ones controlling antilock brakes and stability control. In some cars, it even controls the steering (high end BMWs). The results, emissions are 2000 times lower than 4 years ago (that's not a type, 2000 times), fuel economy would be much higher but the car companies responded to greater efficiency by making more HP instead of reducing consumption. Some high performance cars today, like Mercedes AMG cars, BMWs M cars, Porsches, etc. would be completely undriveable without these systems. In 1980, BTW, half of all the Porsches wrecked were wrecked in the first month of ownership.
BTW, there are also networks that control all the comm and entertainment systems too. (MOST)

Reply

Advertisement

AjoyBhatia

2 Comments

  • 631 Days Ago
  • 05/17/2010

Re: Why?

@fiberman:
Your reply only talks about the networks within a car (like a LAN). The discussion here and the comment to which you replied is all about cars connected to external networks accessible to the public i.e. Internet.

Reply

fiberman

185 Comments

  • 631 Days Ago
  • 05/17/2010

Re: Why?

Excellent point. Suspicion was raised several years ago that the GM system could be used to eavesdrop on the car. Other similar systems are probably like that too. And the desire is to connect these car networks to the Internet to allow two way communications, perhaps even control traffic.
Remember that all these automotive networks, more than half-dozen of them using upwards of 100 microprocessors, interact.
I'm sure you are aware that you can get ECU reprogrammers for getting more power out of engines and the ECU is often reprogrammed when you take your car in for service? Courts even subpoena the systems to get accident data stored in OBD-II cars.

Reply

garylynn

43 Comments

  • 631 Days Ago
  • 05/17/2010

"Random" acceleration events

I have wondered if the Prius acceleration events are environmentally caused-- driving into a electromagnetic field of some kind (there are lots of sources-- radio stations, cell towers, particle accelerators) corrupts the right bits in a control signal in the CPU telling it to GO!
Just a thought...

Reply

fiberman

185 Comments

  • 631 Days Ago
  • 05/17/2010

Re: "Random" acceleration events

Designers have been aware of these problems since the first fly-by-wire systems were deployed several decades back. There were rumors of problems with some helicopters prompting changing to fly-by-light systems.
But today, I doubt it's a big issue. And even automotive systems are using some fiber.

Reply

arnetwork

85 Comments

  • 631 Days Ago
  • 05/17/2010

high tech vs. low tech

The difference between current low tech methods of sabotaging a car and prospective future high tech methods is great.

It is true that I can cut the brake lines and allow the brake fluid to slowly drain out. What I can't do is specify exactly when and under what conditions the brakes will fail. By programming it into the car I can make the brakes fail after 3 days from now when the car is at speed on a 10 per cent decline. I can also make the engine accelerate at the same time while making the electronic transmission unresponsive to manual control and the ignition control irrelevant.

There will be no obvious signs of tampering and only a complex forensic analysis of the internal computer settings will show what was done. There is no low tech equivalent to capturing the computer control of a wired automobile.

Reply

mattgroom

286 Comments

  • 623 Days Ago
  • 05/25/2010

deceleration

You dont see it often because people like their automatics. But in a manual you can use the gear box in deceleration as well, and the gear box is the best thing on a decline btw, you set your gear and the speed will never go over that vehicles geared limit.

Another thing is spacing between cars, thats the cause of a majority of minor incidents and the main cause of major incidents is drunk driving or similar. Speeding is less than 1% of the problem and yet 99% of revenure from it.

I dont think cutting the brakes for a manual driver will make that much difference, i myself would easily be able to stop my manual car on a decline with no brakes and relatively safely.

But I agree id never buy a networked vehicle..ever.

Reply

About

Insights, opinions, and our editors' analysis of the latest in emerging technologies.

Subscribe to the TR Editors' blog RSS Feed

Advertisement

Recent Posts From
TR Editors

Blog Topics

ces 2012 gesture GPS OLED patents SCOTUS Supreme Court White Spaces

Advertisement

Facebook

Advertisement