Skip to Content

Taking Over a Car

Researchers “break in” with software and a laptop.
August 25, 2010

Cars are becoming more computerized, an evolution that could have an unintended side effect: vulnerability to attacks. Researchers at the University of Washington and the University of California, San Diego, led by Tadayoshi Kohno and Stefan Savage, recently showed that by taking over a car’s computers, they could disable the brakes, stop the engine, and control the door locks. For now, most of the attacks require access to a port inside the car. But wreaking havoc could get easier as carmakers add more wireless connectivity. The researchers hope their work will motivate manufacturers to add security features.

A. Computerized Systems

A typical luxury sedan contains 50 to 100 computers controlled by over 100 megabytes of code. Most of these computers communicate over a shared internal network. These systems have surprising interconnections that attackers could exploit, the researchers say. For example, in many cars, the door locking system and the crash detection system are linked. That means an attacker who takes over the locks may get access to key internal systems.

B. Onboard Diagnostics Port

U.S. law mandates an onboard diagnostics port, which is located under the dashboard in most cars. The researchers gain access to the car’s computer systems by plugging into it.

C. Communications Cable

The researchers used this cable to connect to the car’s high-speed communications network, which contains the engine control module, the electronic brake control module, and the transmission control module. The car uses a protocol that enables all these components to communicate with each other. The cable converts data sent using this protocol to a USB signal that can be received by an ordinary laptop.

D. Custom-built Connection

A low-speed network connects less critical parts of the car’s computer system, such as the air conditioning, the radio, and the theft deterrent module, which prevents the car from starting without a legitimate key. The researchers loaded their own code onto a circuit board, which was then able to translate between the laptop and the car’s systems.

E. Carshark Interface

The researchers developed a custom “CarShark” interface–which can run on an ordinary laptop–to track and control the messages that various computer systems send each other over the car’s networks. They executed their attacks through this interface, and in some cases they sent it wireless commands from a nearby car.

Photo Credit: Karl Koscher, Alexei Czeskis, and Franzi Roesner

Keep Reading

Most Popular

individual aging affects covid outcomes concept
individual aging affects covid outcomes concept

Anti-aging drugs are being tested as a way to treat covid

Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

close up of baby with a bottle
close up of baby with a bottle

The baby formula shortage has birthed a shady online marketplace

Desperate parents just want to feed their babies. They’re having to contend with misinformation, price gouging, and scams along the way.

"Olive Garden" NFTs concept
"Olive Garden" NFTs concept

I tried to buy an Olive Garden NFT. All I got was heartburn.

Our newest issue spells out what you need to know about the dizzying world of digital money.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.