Imagine barreling down the freeway at 70 mph when your nice, new car suddenly takes a sharp right, all without your turning the wheel.
Or picture yourself slamming on the brakes to keep from hitting an obstacle in the road, only to find your vehicle won’t respond.
In cars with networked computer systems, those nightmare scenarios could play out in a security breach, according to two hackers who recently explained their work to Forbes Magazine.
Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at a Seattle consulting firm, received an $80,000-plus grant last fall from Pentagon’s Defense Advanced Research Projects Agency to research security vulnerabilities in automobiles, according to Forbes.
“When you lose faith that a car will do what you tell it to do, it really changes your whole view of how the thing works,” Miller told the magazine's Andy Greenberg.
Their work focused on two 2010 models – a Toyota Prius and a Ford Escape. Sitting inside the cars and linked via a cable to the cars' data ports, they were able to send commands from a laptop that controlled the car’s power steering, brakes, horn and other functions.
They could also hack displays to show false speeds on the odometer and incorrect amounts on the fuel gauge.
The pair will release the findings of their research next week at Def Con 21, a hacker convention in Las Vegas, according to a blog post by Valasek. Their talk is titled "Adventures in Automotive Networks and Control Units."
“At the very least you will be able to recreate our results, and with a little work should be able to start hacking your own car!” he writes.
The pair caution that they have hacked the two cars from the inside – not remotely. And it’s that distinction that prompted a Toyota spokesman to tell Forbes: “Our focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle.”
A group of researchers at UC San Diego and the University of Washington, meanwhile, have shown that it’s possible to remotely take control of vehicle computer systems and override various functions via cell phone connections.
“Academics have shown you can get remote code execution,” Valasek told Forbes. “We showed you can do a lot of crazy things once you’re inside.”
More Southern California Stories:
- West Nile Virus Infects Calif. Man
- Feds: Man Tries Stealing $163K Worth of Beef
- Flash-Flood Watch Issued Across SoCal
- Baseball Team to Honor Slain Menifee Boy
- USC AD: Lane Kiffin Not on Hot Seat
- 640,000 LA Students Will Get Free iPads by 2014
- Shots Fired, Woman in Custody After Standoff
- Gunman Sought in Freeway Shooting