Top gear: Researchers used software called "Carshark" to access a car’s computer systems. This allowed them to control the dashboard display and the car's engine—and they fear hackers could do the same in the future.
Center for Automotive Embedded Systems Security
Interconnected computer systems provide openings for attackers.
This week researchers will present a study showing what could happen if a determined hacker went after the computer systems embedded in cars. The researchers found that, among other things, an attacker could disable the vehicle's brakes, stop its engine, or take control of its door locks. All the attacker needs is access to the federally mandated onboard diagnostics port-- located under the dashboard in almost all cars today.
The researchers point to a recent report showing that a typical luxury sedan now contains about 100 megabytes of code that controls 50 to 70 computers inside the car, most of which communicate over a shared internal network.
"In a lot of car architectures, all the computers are interconnected, so that having taken over one component, there's a substantive risk that you could take over all the rest of them. Once you're in, you're in," says Stefan Savage, an associate professor in the department of computer science and engineering at the University of California, San Diego, who is one of the lead investigators on the project.
The researchers say that their work shouldn't yet be a cause for alarm, mainly because the exploits require access to the inside of a vehicle. But some of these systems can be accessed remotely, and the trend is to add even more wireless connectivity--for example, wireless automatic crash-response systems. The researchers say that other systems, such as satellite radios and remote-controlled door openers, could also become entry points.
Car systems have surprising interconnections, Savage says. For safety reasons, cars are programmed to unlock the doors after the airbags deploy to help potentially injured passengers exit the vehicle. This turns out to create a connection between the door-locking system and the crash-detection system that an attacker could theoretically exploit.
The researchers investigated the computing systems inside a car without any special knowledge from the manufacturer. They started out by pulling out the hardware and running standard security testing attacks such as fuzzing, which tests software with random input to see if it's possible to induce any glitches or strange behavior. They used the information they gained to craft attacks that could take over and control systems on the car's internal network. They tested their attacks on an immobile car before performing road tests to ensure that their attacks were practical in the real world.
Tools that find serious bugs automatically could lead to safer, more stable software.
Voltage is the difference of electrical potential between two points of an electrical or electronic circuit, expressed in volts. It measures the potential energy of an electric field to cause an electric current in an electrical conductor.
Most measurement devices can measure voltage. Two common voltage measurements are direct current (DC) and alternating current (AC).
Learn the fundamentals of creating an AC or DC voltage measurement system. See how to properly connect the signals to your data acquisition system for accurate acquisition.
This document is part of the How-To Guide for Most Common Measurements centralized resource portal.
View full PDF >
Listen to story > 
On Twitter
Become a Fan on Facebook
Subscribe to the Feed