Skip to Content

Taking Over a Car

Researchers “break in” with software and a laptop.
August 25, 2010

Cars are becoming more computerized, an evolution that could have an unintended side effect: vulnerability to attacks. Researchers at the University of Washington and the University of California, San Diego, led by Tadayoshi Kohno and Stefan Savage, recently showed that by taking over a car’s computers, they could disable the brakes, stop the engine, and control the door locks. For now, most of the attacks require access to a port inside the car. But wreaking havoc could get easier as carmakers add more wireless connectivity. The researchers hope their work will motivate manufacturers to add security features.

A. Computerized Systems

A typical luxury sedan contains 50 to 100 computers controlled by over 100 megabytes of code. Most of these computers communicate over a shared internal network. These systems have surprising interconnections that attackers could exploit, the researchers say. For example, in many cars, the door locking system and the crash detection system are linked. That means an attacker who takes over the locks may get access to key internal systems.

B. Onboard Diagnostics Port

U.S. law mandates an onboard diagnostics port, which is located under the dashboard in most cars. The researchers gain access to the car’s computer systems by plugging into it.

C. Communications Cable

The researchers used this cable to connect to the car’s high-speed communications network, which contains the engine control module, the electronic brake control module, and the transmission control module. The car uses a protocol that enables all these components to communicate with each other. The cable converts data sent using this protocol to a USB signal that can be received by an ordinary laptop.

D. Custom-built Connection

A low-speed network connects less critical parts of the car’s computer system, such as the air conditioning, the radio, and the theft deterrent module, which prevents the car from starting without a legitimate key. The researchers loaded their own code onto a circuit board, which was then able to translate between the laptop and the car’s systems.

E. Carshark Interface

The researchers developed a custom “CarShark” interface–which can run on an ordinary laptop–to track and control the messages that various computer systems send each other over the car’s networks. They executed their attacks through this interface, and in some cases they sent it wireless commands from a nearby car.

Photo Credit: Karl Koscher, Alexei Czeskis, and Franzi Roesner

Keep Reading

Most Popular

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate

Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway

Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.