Hand-Sized Device Can Hack Cars Remotely, Researchers Call for Greater Security
February 6, 2014 11:50 AM
comment(s) - last by
The device will be presented at the Black Hat Asia security conference in Singapore next month
A team of Spanish security researchers is out to
beef up auto security
by showing its ability to hack a car with a device the size of your hand.
, security researchers Javier Vazquez-Vidal and Alberto Garcia Illera plan to show a new device they've built at the Black Hat Asia security conference in Singapore next month -- and they're hoping it will be a wake-up call for the auto industry.
The device is called the CAN Hacking Tool (CHT) and it attaches via four wires to the Controller Area Network or CAN bus of a vehicle. It draws power from the car’s electrical system and allows an attacker to send wireless commands remotely from a computer.
The researchers say it's as easy as lifting the hood real quick or simply sliding under the car to attach the device to a vehicle and walk away.
From there, the attacker could switch off headlights, set off alarms, roll windows up and down, and access anti-lock brakes or emergency brakes. The researchers have already tested it on four different vehicles, although they won't reveal which makes and models.
CHT [SOURCE: Forbes]
For right now, the device only works using Bluetooth, which means it can be controlled from just a few feet away. But the research team said that by the time the conference rolls around next year, it will implement a GSM cellular radio, which will allow remote control of the vehicle from a few miles away.
“It can take five minutes or less to hook it up and then walk away,” said Vazquez-Vidal. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”
What makes matters worse is that the items needed to build the device can all easily be bought from store shelves, and costs under $20 total.
Also, it's nearly impossible to trace the attacker, according to the researchers.
The team said they built the device to show automakers what attackers are capable of, and to call for greater security in cars, which are becoming increasingly connected and more vulnerable to hacks.
“The goal isn’t to release our hacking tool to the public and say ‘take this and start hacking cars,’” says Vazquez-Vidal. “We want to reach the manufacturers and show them what can be done.”
This article is over a month old, voting and posting comments is disabled
This is a non-issue
2/8/2014 12:54:11 AM
First of all, all of these issues are address in OBDIII.
1) OBDIII tells you when a 3rd party device is plugged into the PEG port or is running on the CAN BUS.
2) OBDIII sets off the alarm/immobilizes the vehicle is the alarm system is active when a device is plugged in.
3) OBDIII divides up the emissions, restraint, braking, engine control, climate control, steering/suspension and entertainment systems of a vehicle into separate groups. All groups except or emissions are vendor-specific.
3a) Unfortunately this means that proprietary readers will be required for each brand of vehicle to identify problems other than emissions.
3b) Fortunately, this means that no universal devices will be able to compromise a vehicle, unless they want to hack that EGR reading from 2 miles away.
In the near term, its important to consider how ineffective this device will be on OBDII vehicles:
1) I doubt it can take control of a moving vehicle since most vehicles don't allow parameter modification to safety systems when the VSS reads a speed above zero. All vehicles require a restart for RSM/ABS modules to initialize newly written data.
2) If you are in a stationary vehicle and somebody takes control of it by moving it, you can
a) remove the keys/hold the start button for 5 seconds
b) apply the brake pedal. this is a mechanical system that can not be disabled/overridden.
I am absolutely dying to see this thing work. It may take advantage of one model vehicles' flaws, or at best one manufactures flaws, but to make a device that can "take control" of all vehicles using the CAN BUS is impossible.
I hope they call it Series T-X
"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard
Security Researchers Try to Protect Vehicles from Computer Viruses
August 20, 2012, 9:29 AM
Ford’s Use of Aluminum Bodies to Extend to Super Duty Trucks, Chrysler Doubles Ram EcoDiesel Production
September 30, 2014, 10:59 AM
2016 Cadillac ELR to Receive "Engineering Enhancements", 2nd Gen Model Still on the Table
September 24, 2014, 1:30 PM
Google's Autonomous Vehicles Approved to Travel Any Road in California
September 22, 2014, 4:15 PM
Tesla’s Elon Musk Says that Fully Autonomous Vehicles Are Still at Least 5 Years Away
September 19, 2014, 9:48 AM
Quick Note: Kia Soul EV Priced from $33,700
September 11, 2014, 5:32 PM
Production Infiniti LE Electric Sedan Leaked in Patent Drawings
September 9, 2014, 10:32 AM
Most Popular Articles
Appalling Negligence: Decade-Old Windows XPe Holes Led to Home Depot Hack
September 8, 2014, 8:58 PM
iBend: Reports Grow of Razor-Thin iPhone 6+ Folding Like Origami in Your Pocket
September 23, 2014, 6:08 PM
New AT&T Mobile Share Value "Double Data" Promotion Lasts Through October
September 28, 2014, 8:32 AM
Update: Apple Releases iOS 8.0.2 Update to Make Up for Botched 8.0.1 Release
September 25, 2014, 8:19 PM
FBI Outraged That Apple, Google are Adopting Digital "Locks" to Protect Users
September 26, 2014, 1:00 PM
Latest Blog Posts
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information