Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Cars are becoming more computerized, an evolution that could have an unintended side effect: vulnerability to attacks. Researchers at the University of Washington and the University of California, San Diego, led by Tadayoshi Kohno and Stefan Savage, recently showed that by taking over a car’s computers, they could disable the brakes, stop the engine, and control the door locks. For now, most of the attacks require access to a port inside the car. But wreaking havoc could get easier as carmakers add more wireless connectivity. The researchers hope their work will motivate manufacturers to add security features.

A. Computerized Systems

A typical luxury sedan contains 50 to 100 computers controlled by over 100 megabytes of code. Most of these computers communicate over a shared internal network. These systems have surprising interconnections that attackers could exploit, the researchers say. For example, in many cars, the door locking system and the crash detection system are linked. That means an attacker who takes over the locks may get access to key internal systems.

B. Onboard Diagnostics Port

U.S. law mandates an onboard diagnostics port, which is located under the dashboard in most cars. The researchers gain access to the car’s computer systems by plugging into it.

C. Communications Cable

The researchers used this cable to connect to the car’s high-speed communications network, which contains the engine control module, the electronic brake control module, and the transmission control module. The car uses a protocol that enables all these components to communicate with each other. The cable converts data sent using this protocol to a USB signal that can be received by an ordinary laptop.

D. Custom-built Connection

A low-speed network connects less critical parts of the car’s computer system, such as the air conditioning, the radio, and the theft deterrent module, which prevents the car from starting without a legitimate key. The researchers loaded their own code onto a circuit board, which was then able to translate between the laptop and the car’s systems.

E. Carshark Interface

The researchers developed a custom “CarShark” interface–which can run on an ordinary laptop–to track and control the messages that various computer systems send each other over the car’s networks. They executed their attacks through this interface, and in some cases they sent it wireless commands from a nearby car.

Photo Credit: Karl Koscher, Alexei Czeskis, and Franzi Roesner



2 comments. Share your thoughts »

Tagged: Computing

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me