Wireless kit: The equipment used to hijack a car’s tire sensors included a laptop, a programmable radio transceiver, and a custom circuit board, which, taken together, cost around $1,500.
University of South Carolina/ Rutgers University
Researchers figure out how to hijack sensor communications.
Hackers could "hijack" the wireless pressure sensors built into many cars' tires, researchers have found. Criminals might then track a vehicle or force its electronic control system to malfunction, the University of South Carolina and Rutgers University researchers say.
The team, which successfully hijacked two popular tire-pressure-monitoring systems (TPMS), will describe the work at the USENIX Security conference in Washington, DC, this week.
The tire-sensor attack poses little immediate risk to drivers. However, in recent months, research groups have identified other security weaknesses in vehicle electronics systems. As automakers add more powerful computers to cars, and connect those computers to critical components, in-car systems will need to be secured against hackers, experts warn.
A TPMS consists of sensors inside a car's tires that measure pressure, and a central wireless antenna--or an antenna in each wheel in more expensive vehicles. An electric control unit (ECU) picks up the signal, and a warning light on the automobile's dashboard warns a driver when tire pressure has dropped. As well as calculating pressure changes, the ECU filters out noise from sensors in neighboring cars, and compensates for pressure changes due to temperature. The TREAD Act, which Congress passed in 2008, mandates that all new vehicles produced or sold in the United States after that year are required to have this technology.
Using equipment costing $1,500, including a programmable radio transmitter, a specialized circuit board, and free software, the South Carolina-Rutgers team could pick up a car's tire pressure readings. The researchers deciphered the communication protocol by experimenting with different parameters of the radio transmission.
The systems tested by the South Carolina-Rutgers team had very little security in place--they mainly relied on the fact that the communications protocol is not widely published. "In doing TPMS this way, [automakers] have left the door open to wireless attackers," says Travis Taylor, one of the paper's authors.
The team could eavesdrop on communications and, in some circumstances, alter messages in-transit. That let the team give false readings to a car's dashboard. They could also track a vehicle's movements using the unique IDs of the pressure sensors, and even cause a car's ECU to fail completely.
"Normally, these [attacks would] result in small problems," Taylor says. "But I see practical danger and damage that can happen from TPMS exploitation."
A trial involving thousands of cars could pave the way for technology aimed at cutting accidents and traffic jams.
Recent infighting has done little to explain how Anonymous operates—or what drives it.
Who is in control of your car?
I just wanted to widen the scope of the topic a bit and ask if we will ever be totally in contol of our cars again. The Toyota accelerator issue is one aspect and this article is another:
http://www.nydailynews.com/news/2008/01/27/2008-01-27_empire_state_building_car_zap_mystery.html
How do we know if infrequent malfunctions are random, systemic or environmental? Then there is the desire of law enforcement to put a kill switch in. I may just have to get a horse...
Re: Who is in control of your car?
If you have OnStar, the "kill switch" is already available. There are TV ads showing how law enforcement can cut the fuel feed to a stolen vehicle reported by an owner until that vehicle slows down and eventually stops. OnStar is a much more potent hack avenue, because it permits access to the engine management and safety systems, e.g. disabling airbags, brakes, then constant acceleration a la "Speed". Or a hacker could overload an emergency response by reporting multiple accidents to create a diversion. Or maybe I just watch too many movies.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
rsole
4 Comments
AND WHAT?
Can you hack the communications between a tire sensor and its central unit. Sure! And what?
Does anyone need high technology encription for such a communication? I won't pay any additional penny for it on my car.
BTW, everybody can "hack" the real air pressure of a tire by releasing the air inside, but nobody cares so much. Actually some teenagers like that "hack" a lot. I've never seen a tire with a lock on it.
Reply
Wunderbarb
11 Comments
Re: AND WHAT?
As said in the paper, the importance is not too much on this specific hack that is rather benign. The consequences are at the most annoying.
This hack stresses that security is not taken into account in the design of the electronics of the car (or at least not properly). For decades, the automotive has concentrated on safety (and this is of course good). Unfortunately, with the new designs using wireless sensors, security becomes a potential threat. You do not need any more physical access to interfere with an engine. Very similar to what happened when in the computer world, we introduced wireless connections.
Unfortunately, this lack of security is very common. Security conferences have regular exploits on non IT devices. My preferred one was against pacemakers (see http://eric-diehl.com/blog/?x=entry:entry080515-173058). Is it a danger? With the ubiquitous connected world coming, most probably yes in some years.
Reply
ms
190 Comments
Re: AND WHAT?
Suppose a carjacker wanted to carjack your car. If he could convince you to pull over and get out of your car to check a tire, you'd become easy prey. This hack could help him do that.
Reply
Wunderbarb
11 Comments
Re: AND WHAT?
It seems thta the researchers themselves downplay the "usability" of the hack.
"One hurdle is that the tire sensors communicate infrequently--about once every 60 to 90 seconds--making it difficult to manipulate the system, especially if a vehicle is moving...". It may be feasible with a static car, in a locationwithout any other cars... But in these conditions, thieves have other simpler means for carjacking.
Reply
magic3400
2 Comments
Re: AND WHAT?
"Does anyone need high technology encription for such a communication? I won't pay any additional penny for it on my car."
The simple answer to this simple question is "yes".
Why?
Because a thief could sit in a parking lot next to your car and simply follow you home by following your tire signals (or another hacked signal) and you would never know you are being followed. Home invasion to follow and "hopefully" the only thing taken is property.
...and if they hack you OnStar account they don't even have to follow you, they may already have been there.
Funny how some people only see the small picture.
Reply