Skip to Content

Taking Over a Car

Researchers “break in” with software and a laptop.
August 25, 2010

Cars are becoming more computerized, an evolution that could have an unintended side effect: vulnerability to attacks. Researchers at the University of Washington and the University of California, San Diego, led by Tadayoshi Kohno and Stefan Savage, recently showed that by taking over a car’s computers, they could disable the brakes, stop the engine, and control the door locks. For now, most of the attacks require access to a port inside the car. But wreaking havoc could get easier as carmakers add more wireless connectivity. The researchers hope their work will motivate manufacturers to add security features.

A. Computerized Systems

A typical luxury sedan contains 50 to 100 computers controlled by over 100 megabytes of code. Most of these computers communicate over a shared internal network. These systems have surprising interconnections that attackers could exploit, the researchers say. For example, in many cars, the door locking system and the crash detection system are linked. That means an attacker who takes over the locks may get access to key internal systems.

B. Onboard Diagnostics Port

U.S. law mandates an onboard diagnostics port, which is located under the dashboard in most cars. The researchers gain access to the car’s computer systems by plugging into it.

C. Communications Cable

The researchers used this cable to connect to the car’s high-speed communications network, which contains the engine control module, the electronic brake control module, and the transmission control module. The car uses a protocol that enables all these components to communicate with each other. The cable converts data sent using this protocol to a USB signal that can be received by an ordinary laptop.

D. Custom-built Connection

A low-speed network connects less critical parts of the car’s computer system, such as the air conditioning, the radio, and the theft deterrent module, which prevents the car from starting without a legitimate key. The researchers loaded their own code onto a circuit board, which was then able to translate between the laptop and the car’s systems.

E. Carshark Interface

The researchers developed a custom “CarShark” interface–which can run on an ordinary laptop–to track and control the messages that various computer systems send each other over the car’s networks. They executed their attacks through this interface, and in some cases they sent it wireless commands from a nearby car.

Photo Credit: Karl Koscher, Alexei Czeskis, and Franzi Roesner

Keep Reading

Most Popular

This startup wants to copy you into an embryo for organ harvesting

With plans to create realistic synthetic embryos, grown in jars, Renewal Bio is on a journey to the horizon of science and ethics.

VR is as good as psychedelics at helping people reach transcendence

On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.

This nanoparticle could be the key to a universal covid vaccine

Ending the covid pandemic might well require a vaccine that protects against any new strains. Researchers may have found a strategy that will work.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.