New car hack targets vehicles via common gadget
MANILA, Philippines – Researchers from the University of California at San Diego planned to reveal a technique that they say could allow a hacker to wirelessly attack a vehicle connected to a common car gadget.
Wired reported Tuesday, August 11, that an Internet-capable dongle – the OBD2 dongle of France-based Mobile Devices – that is used by insurance firms and trucking fleets to monitor a vehicle's location, speed, and overall efficiency is enabling the hack.
If a specially crafted SMS message – basically a command message – is sent to the dongles, the CAN bus, or network within the car that handles physical driving components, can be remotely controlled.
Stefan Savage, the University of California at San Diego computer security professor who led the project, explained, “We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies." The dongles, according to what they found, “provide multiple ways to remotely…control just about anything on the vehicle they were connected to.”
The proof of concept video above also showed the researchers in action, remotely gaining control of both the windshield wipers and the brakes. Though the brake takeover only occurred at low speeds due to the automated computer funcitons of the vehicle, the attack could have been adapted for other vehicle types or for other aspects of the car's system, including steering and transmission. (READ: Fiat Chrysler recalls 1.4M vehicles after Jeep hacked)
When informed by the researchers of the hardware vulnerability, Mobile Devices said the latest versions of its dongles weren't vulnerable to the attack. Despite this, scans of the Internet using Shodan, a search tool, saw that still-hackable dongles from Mobile Devices were visible in some areas, such as Spain.
“We have a whole bunch of these that are already out there in the market,” Savage added. "Given that we’ve seen a complete remote exploit and these things aren’t regulated in any way and their use is growing….I think it’s a fair assessment that yes, there will be problems elsewhere." – Rappler.com