Researchers Hijack a Car’s Brakes and Engines

Never mind faulty electronic accelerators–researchers have now shown how to hijack a car’s electronic system, overriding the driver’s control over both its brakes and engine.

The recent controversy concerning flaws in Toyota’s electronic throttle systems shows how serious the results can be when the embedded systems in automobiles go awry. Researchers from the University of Washington and the University of California San Diego are now looking at what can happen when those systems are attacked maliciously.

These efforts are described in a report from the Center for Automotive Embedded Systems Security, a new research center formed to explore emerging automotive technology. The work will be presented next week at the IEEE Symposium on Security and Privacy in Oakland, CA. The researchers say that, assuming an attacker has physical access to the interior of the car they studied, she could take control of many of its computerized systems.

The researchers write:

In live road tests, we were able to forcibly and completely disengage the brakes while driving, making it difficult for the driver to stop. Conversely, we were able to forcibly activate the brakes, lurching the driver forward and causing the car to stop suddenly. We were also able to control the lighting within the cabin, the external lighting, the vehicle’s dash, and so on.

The researchers tested two makes and models of modern cars, but they expect the security problems they found will affect other vehicles.

They emphasize that car owners shouldn’t be alarmed, however, because the attacks require physical access to the interior of a vehicle. Their main concern is a growing trend in the automotive industry to fit automobiles with external wireless connections. Just as security problems in desktop computers became more significant with the advent of broadband, network-connected cars could be a bigger target, the researchers say.