Black Hat: Hacking a Car, Again

Monday, August 8, 2016 @ 10:08 AM gHale


By Gregory Hale
Automobile security is horrible, and, while it may be getting better, it is still possible to take over control of a car at high speed.

Just ask noted car hackers Charlie Miller and Chris Valasek, who after years of attacking car systems, they gave their final auto hacking presentation Thursday at Black Hat USA 2016 in Las Vegas. In essence, they were able to send false messages to a car’s internal network, overriding the correct ones.

RELATED STORIES
Black Hat: The Forensics Factor
Black Hat: Drone ICS Attack Possible
Black Hat: IT-OT Learning Curve
Network Monitoring: Keeping an Eye on IIoT

In what often seemed like a stand-up comedy routine, Miller and Valasek showed how they were able to get around speed restrictions which allowed them to take control of the vehicle at speed.

Through a tedious method, the two were able to hack into the vehicle through the engine control unit (ECU) located in the steering column where they were able to send signals through the adaptive cruise control to turn the car, hit the emergency brake and turn off the power steering making the vehicle incredibly difficult to use.

The two showed videos of what could happen when the system ended up hacked into.

Unlike last year’s hack of the Jeep, this one occurred through the vehicle’s Controller Area Network (CAN) network they had access to through a USB port on the dashboard. CAN works very quickly and uses short messages to coordinate devices connected to a controller computer.

Miller said they had already shown how to remotely control the vehicle so this year they wanted to show what could happen once they were able to get inside the system.

In an ongoing attack of the Jeep, last year the two used the vehicle’s audio/video system. From there they hacked the diagnostic system to gain control. However, the diagnostic system does not allow any changes to be made at speeds over 5 mph. This year, they hacked in and made changes at higher speeds.

Valasek said while they were able to hack in, only a handful of people in the world could duplicate their feat.

Miller said, while they focused on the Jeep, he said other car brands are susceptible, but they only used this one vehicle for research.