Taking Over a Car
Cars are becoming more computerized, an evolution that could have an unintended side effect: vulnerability to attacks. Researchers at the University of Washington and the University of California, San Diego, led by Tadayoshi Kohno and Stefan Savage, recently showed that by taking over a car’s computers, they could disable the brakes, stop the engine, and control the door locks. For now, most of the attacks require access to a port inside the car. But wreaking havoc could get easier as carmakers add more wireless connectivity. The researchers hope their work will motivate manufacturers to add security features.
A. Computerized Systems
A typical luxury sedan contains 50 to 100 computers controlled by over 100 megabytes of code. Most of these computers communicate over a shared internal network. These systems have surprising interconnections that attackers could exploit, the researchers say. For example, in many cars, the door locking system and the crash detection system are linked. That means an attacker who takes over the locks may get access to key internal systems.
B. Onboard Diagnostics Port
U.S. law mandates an onboard diagnostics port, which is located under the dashboard in most cars. The researchers gain access to the car’s computer systems by plugging into it.
C. Communications Cable
The researchers used this cable to connect to the car’s high-speed communications network, which contains the engine control module, the electronic brake control module, and the transmission control module. The car uses a protocol that enables all these components to communicate with each other. The cable converts data sent using this protocol to a USB signal that can be received by an ordinary laptop.
D. Custom-built Connection
A low-speed network connects less critical parts of the car’s computer system, such as the air conditioning, the radio, and the theft deterrent module, which prevents the car from starting without a legitimate key. The researchers loaded their own code onto a circuit board, which was then able to translate between the laptop and the car’s systems.
E. Carshark Interface
The researchers developed a custom “CarShark” interface–which can run on an ordinary laptop–to track and control the messages that various computer systems send each other over the car’s networks. They executed their attacks through this interface, and in some cases they sent it wireless commands from a nearby car.
Photo Credit: Karl Koscher, Alexei Czeskis, and Franzi Roesner
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
ChatGPT is going to change education, not destroy it
The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.