Charlie Miller Releases Open Source "Car Sabotage Toolkit"
September 5, 2013 9:09 AM
New how-to guide allows even layman hackers to carry out attacks similar to suspected government efforts
During a presentation at
Def Con 21
last month, famed Apple, Inc. (
works at Twitter
) and Chris Valasek, director of security intelligence at IOActive, revealed an interesting side project. The presentation showed how to
affordably attack a vehicle's CAN bus
with malicious messages, causing the vehicle to brake, refuse to break, or even steer into a wall. The presentation shows how such attacks could be carried out -- even by relatively unskilled hackers.
I. CAN -- Useful, but Not Very Secure
Cars over time have grappled with increasing use of electronic control units (ECUs) and at times conflicting standards. CAN (the Controller Area Network) was an industry wide effort to simplify and improve in-car communications. While implementations vary slightly, CAN is governed by a set of published standards from the International Standards Organization (ISO) including
(ISO-TP) (sending) and
A part of a broader set of standards to make vehicle diagnosis easier (the so called On Board Diagnosis II (OBD-II) standard), CAN has been required on all light vehicles in the U.S. since 1996 and in the EU since 2001 (petrol vehicles) / 2004 (diesels). But it turns out that as the vehicles are becoming more connected and ECU count continues to rise, fundamental security flaws in the standard and its implementation in current vehicles are showing through.
There's many routes that you can use to attack the CAN bus. [Image Source: AutoSec]
The issue first received serious consideration in 2010 when
Professor Tadayoshi Kohno
University of Washington
Professor Stefan Savage
University of California, San Diego
(UCSD) published a paper entitled "
Experimental Security Analysis of a Modern Automobile
" [PDF], in which they tested self-erasing attack codes for ECUs which targeted the CAN bus.
Once (temporarily) installed on a target ECU these codes were capable of sudden braking, brake failure, or acceleration, via sending malicious signals to various other onboard ECUs. Amazingly, the authors found that many ECUs would even allow themselves to be reflashed (reprogrammed) while driving, with the proper CAN message encouragement.
The vehicle in these tests was rumored to be an OnStar equipped model from General Motors Comp. (
In 2011 UW/UCSD researchers showed hackers could remotely attack vehicles via smartphones or Bluetooth. [Image Source: TomTom]
The UW/UCSD teams followed up that critical work with another paper, "
Comprehensive Experimental Analyses of Automotive Attack Surfaces
" which found that malicious attack codes
could be transferred by Bluetooth
-- or even into a CAN-connected CD player unit via a special CD or even remotely via malware on smartphones connected to your infotainment system.
However, while these kinds of claims were alarming, an open set of libraries to control CAN I/O was not available until at the time. In other words, unless you were someone with a lot of resources -- e.g. a government -- or an automotive expert with a lot of time on your hands, you likely wouldn't have the knowledge or means to do these kinds of CAN based attacks. That meant that cars enjoyed a modicum of security from your average script-writing internet hacker masses.
II. "Car Hacking for Dummies"
But that relatively safety appears to be coming to an end. Funded by
the Defense Advanced Research Projects Agency
Mr. Miller and Mr. Valasek have baked a set of libraries to make writing code to study CAN signals and craft attacks much easier. Dubbed
[zip], the attack library builds on the barebones
[PDF], which is distributed by EControls, a maker of CAN-interface USB devices.
The only difficulty is that EControl's ECOM can't easily plug into the ODB-II port, a CAN input commonly located near the passenger's seat. But if you have basic cable-making skills, you can fashion a connector using
the ODB-II connector shell
, which ODB Diagnostics, Inc. sells.
Beyond that all you need are that typical assets of an internet hacker -- basic coding knowledge, time, and a target.
With a custom ECOM-to-ODB connector built from off-the-shelf parts (left), an EControls ECOM test cable (right), and a laptop, you can test car attacks like a pro. [Image Source: Def Con]
In their work, the authors use the APIs they developed to identify and attack various control signals in a 2010 Prius from Toyota Motor Corp. (
) and a 2010 Escape from Ford Motor Comp. (
). The authors showed how the APIs could be used to accomplish attacks similar to those the UW/UCSD team carried out on the brakes or throttle. They also demonstrated how cars with automatic parking features (e.g. the Prius) could be used to even malicious steer the vehicle, as the car can now take control of the steering wheel with the right signals (typically a driver could override this if they firmly gripped and twisted the wheel, but not all drivers would know how to respond -- particularly given the surprise of the attack).
III. Danger is Rising
Again, the key difference between the UCSD/UW effort and the recent Def Con talk is that the UCSD/UW team did not release their attack software and kept their descriptions of the attack's finer details to a higher level. By contrast the recent presentation not only comes with an open library of "helpful" attack software, but also explicit descriptions of how to buy/build an interface device and detailed examples of attacks on specific ECUs in terms even a layman with basic programming skills could understand.
Charlie Miller [Image Source: ZDNet]
With the Def Con presentation, what was once a purely academic attack is creeping closer to general use.
Thus, even if you don't buy into plausible conspiracy theories like those surrounding Mr. Hastings death, and aren't afraid of your government, you still now have something to actually worry about, since the Pandora’s box of "CAN hacking for dummies" has been open by these pro-disclosure researchers.
Soon deadly sabotage attacks may be common on older vehicles. [Image Source: Unknown]
IV. Fiery Crash of Obama Administration Critic Fuels Interest in Car Hacking
The timing of Def Con 21 was uncanny, coming at a time when
regarding the death of prominent Obama and Bush administration critic and
contributing editor Michael Hastings were peeking. Mr. Hastings -- a medical marijuana user -- allegedly had traces of both methamphetamine and marijuana in his system when his car steered off course on a deserted Highland Avenue at around 4:20 a.m. on June 18 and struck a tree prompting the Mercedes to burst into flames.
While fiery crashes and deaths are a rare, but not altogether foreign tragedy on America's highways, the reporter's adversarial relationship with the Obama administration -- and
the Obama administration's willingness to harass reporters
who dig too deeply -- has fueled theories that foul play might have been involved in the crash.
Controversy commenced when his neighbor and close friend, Jordanna Thigpen,
that Mr. Hastings feared for his life and that he was concerned his car was tampered with. At the time Mr. Hastings was
working on a major exposé
of the Obama administration and
U.S. Central Intelligence Agency
, according to a report by the local San Diego 6 News.
Electronic hacking is one of the possible methods of sabotage that some suspect was used to kill journalist Michael Hastings. [Image Source: PrisonPlanet]
Prior to President Barack Obama's election in 2008, Brennan was working at Analysis Corp. --
one of two government contracting firms
which gained unauthorized access to the then-Senator Obama's passport record. That incident has
led to speculation
that Mr. Hastings might have been unearthing evidence of Mr. Brennan's possible role in the access, tampering, or "sanitization" of the President's passport.
While many details of the crash added up (methamphetamine users often become dangerously paranoid) -- others provoked suspicion, including reports that Mr. Hastings was allegedly
visited by federal agents
on the day of his death. Former Cybersecurity Czar (formally, the U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism)
The Huffington Post
in an interview:
I'm not a conspiracy guy. In fact, I've spent most of my life knocking down conspiracy theories. But my rule has always been you don't knock down a conspiracy theory until you can prove it [wrong]. And in the case of Michael Hastings, what evidence is available publicly is consistent with a car cyber attack. And the problem with that is you can't prove it.
Whether or not his suspicions prove true, the fervor surrounding the topic of automotive hacking is arguably justified.
Anyone with basic skills, physical access to your car, and mischief or malice in their hearts can now attach a malicious device to your car -- or potentially even reprogram one of your onboard ECUs. When you start driving, the attacker's code will spring into effect, and if the author did their homework, it may erase any trace of itself after it accomplishes its objectives.
That's the bad news.
The good news is that once the public realizes this -- and once automakers realize that the public realizes this, the market will mandate they implement stiffer security into their CAN-connected components. Such security will help to protect drivers not only from the government, but also from the much more common malicious members of the masses.
And that's good news for everyone -- even if you're not paranoid.
Def Con/Charlie Miller
"I want people to see my movies in the best formats possible. For [Paramount] to deny people who have Blu-ray sucks!" -- Movie Director Michael Bay
Obama's DOJ Caught Spying on Associated Press in Hunt for Leakers
May 14, 2013, 8:44 AM
Docs Show CIA's Mass Drone Death Strikes Killed Few al-Qaeda Leaders
April 10, 2013, 3:16 PM
Famed Apple Device Hacker Charlie Miller Enlists With Twitter
September 14, 2012, 7:47 PM
Security Researchers Try to Protect Vehicles from Computer Viruses
August 20, 2012, 9:29 AM
New Studies Warn of Cyber, Terrorist Attacks on Technologically Advanced Vehicles
January 2, 2012, 11:38 AM
Xiaomi Mi 6 - Flash Sale on April 28 in China
April 26, 2017, 7:45 AM
Apple Watch NikeLab Limited Edition unveiled.
April 22, 2017, 6:20 AM
What is the Apple’s iPhone 8 specifications and release date?
April 14, 2017, 5:43 AM
Xiaomi Mi Pad 3 tablet with Hexa –Core SoC, Android Marshmallow
April 6, 2017, 6:40 AM
Vivo launches V5 Plus IPL edition smartphone
April 4, 2017, 11:10 AM
Samsung S8 and S8 Plus: On Sale April 21 at Major Wireless Dealers
March 30, 2017, 7:35 AM
Most Popular Articles
Surface Pro 5 Rumors - New Release Date and Price
April 22, 2017, 6:45 AM
SAPPHIRE PULSE Radeon RX 580 8GD5 – Great Value for the Money
April 20, 2017, 7:47 AM
Apple Watch NikeLab Limited Edition unveiled.
April 22, 2017, 6:20 AM
Dell Inspiron 17 7000 – A Premium Laptop featuring 7th Gen Intel Core i7 in a 2-in-1 Frame.
April 19, 2017, 7:45 AM
Meet the Smartphone with four cameras - Alcatel Flashphone
April 5, 2017, 11:20 AM
Latest Blog Posts
Google Android App – Huge improvement on Nighttime Photography
Apr 27, 2017, 7:40 AM
Google Co-Founder, Sergey Brin has an Airship
Apr 26, 2017, 6:43 AM
Samsung Galaxy S8 and S8 Plus – Lots of Glass that Breaks Easily
Apr 25, 2017, 7:20 AM
Samsung Galaxy S8 – Warning for Pet Owners
Apr 24, 2017, 5:59 AM
Sound Bars and the Costs?
Apr 23, 2017, 6:30 AM
Link your Brain to Your Computer – In Four Years…Maybe
Apr 22, 2017, 7:03 AM
Google Home can now identify users by their voice.
Apr 21, 2017, 7:15 AM
Amazon Lex – Now Available for Developers.
Apr 20, 2017, 6:58 AM
You can now use Instagram offline on your Android Smartphone
Apr 19, 2017, 8:00 AM
Now you can livestream to YouTube from your mobile device.
Apr 18, 2017, 8:05 AM
Google Home – Is It a Spy Device?
Apr 17, 2017, 7:30 AM
Apple added to self –driving test permit list
Apr 15, 2017, 6:21 AM
Project Scorpio – Coming on June 11
Apr 14, 2017, 6:20 AM
Looks Like Samsung Has Been Forgiven.
Apr 13, 2017, 6:50 AM
United Airlines - Blasted on China’s Social Network and the Stock Market
Apr 12, 2017, 6:50 AM
Amazon's Third-Party Sellers Hacked
Apr 11, 2017, 6:25 AM
Microsoft Surface Pro5 Details Revealed
Apr 9, 2017, 6:41 AM
Own An Android Phone? Then you could be hacked over Wi-FI
Apr 7, 2017, 6:47 AM
Apple confirms iOS 10.3 bug and its effect on iCloud Services
Apr 6, 2017, 6:30 AM
Apple Rolls Out New Version of Apple Music
Apr 5, 2017, 10:35 AM
Apple in the News
Apr 4, 2017, 9:03 AM
Apple iPhones Will Soon Feature Graphics Chips Designed BY Apple
Apr 3, 2017, 6:23 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information