A pair of hackers say they have figured out how to control many functions of vehicles through a physical connection to the car's internal computer networks. Here, an industry affiliate tests out Ford's SYNC connection and entertainment system inside a Ford Fusion at the Consumer Electronics Show, Wednesday, Jan. 9, 2013, in Las Vegas. A 2010 Ford Escape, which has a version of SYNC, was one of the cars the researchers used.
Imagine barreling down the freeway at 70 mph when your nice, new car suddenly takes a sharp right, all without your turning the wheel.
Or picture yourself slamming on the brakes to keep from hitting an obstacle in the road, only to find your vehicle won’t respond.
In cars with networked computer systems, those nightmare scenarios could play out in a security breach, according to two hackers who recently explained their work to Forbes Magazine.
Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at a Seattle consulting firm, received an $80,000-plus grant last fall from Pentagon’s Defense Advanced Research Projects Agency to research security vulnerabilities in automobiles, according to Forbes.
“When you lose faith that a car will do what you tell it to do, it really changes your whole view of how the thing works,” Miller told the magazine's Andy Greenberg.
Their work focused on two 2010 models – a Toyota Prius and a Ford Escape. Sitting inside the cars and linked via a cable to the cars' data ports, they were able to send commands from a laptop that controlled the car’s power steering, brakes, horn and other functions.
They could also hack displays to show false speeds on the odometer and incorrect amounts on the fuel gauge.
The pair will release the findings of their research next week at Def Con 21, a hacker convention in Las Vegas, according to a blog post by Valasek. Their talk is titled "Adventures in Automotive Networks and Control Units."
“At the very least you will be able to recreate our results, and with a little work should be able to start hacking your own car!” he writes.
The pair caution that they have hacked the two cars from the inside – not remotely. And it’s that distinction that prompted a Toyota spokesman to tell Forbes: “Our focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle.”
A group of researchers at UC San Diego and the University of Washington, meanwhile, have shown that it’s possible to remotely take control of vehicle computer systems and override various functions via cell phone connections.
“Academics have shown you can get remote code execution,” Valasek told Forbes. “We showed you can do a lot of crazy things once you’re inside.”
More Southern California Stories: