Aug. 21, 2010 -- It sounds like a Hollywood movie: cybercriminals in a van use a laptop to hack wirelessly into the computer-controlled systems of the car on the road ahead. In seconds the target car's engine, brakes, and door locks are under their nefarious control.
It doesn't take a great script writer to figure out what's next – except that it's not the movies anymore. It's real – well, almost.
Hackers aren't taking over our cars just yet, but without tighter computer security they be able to before too long, research conducted by scientists at four universities indicates.
For example, scientists hacked into a car's computer system by commandeering the wireless tire-pressure monitoring signal of a target vehicle – all while driving at more than 60 miles per hour, according to a joint study released Thursday by Rutgers University and the University of South Carolina.
The new study, along with a similar one from May, suggests looming dangers: People within a vehicle could be tracked using the wireless signals, and they could potentially could be harmed if malevolent hackers learn to exploit or invade a vehicle's control systems from a distance.
"Our research shows that there are multiple risks," says Marco Gruteser, associate professor of electrical and computer engineering at Rutgers University. "Privacy is a problem since every car has these unique fingerprints from tire pressure, and that makes it possible to track movements. But this vulnerability can lead to something more serious."
Hacking a car's wireless systems
The wireless hacking was done by taking advantage of the sensors inside each tire that broadcast a brief radio signal every 60 to 90 seconds. The signal tells one of the car's computer systems the pressure of each. But researchers found that even those weak signals could be intercepted up to 120 feet away and hacked from a roadside location – or by a car in traffic.
Traveling in tandem with the target car, the researchers sent false low-air-pressure warnings to the car's dashboard display and eventually wrecked the internal computer.
Researcher: Attacker Could Access Vehicular Networks
If sending a spurious "low pressure" messages doesn't sound exactly like Mission Impossible, the work of other researchers yielded potentially more-serious vulnerabilities. In May, a team of researchers reported that they succeeded in hacking into the onboard computer networks that controlled the engine, brakes, and door locks, among other systems. This latter study was done physically – not wirelessly – by connecting into a vehicle's computers.
Vehicle manufacturers and third-party systems are increasingly using wireless networks as a cheaper means for connecting to Electronic Control Units (ECUs) – the computer brains behind braking, engine, and locking mechanisms along with other systems. A typical luxury sedan today may use more than 100 megabytes of computer code spread across 50 to 70 ECUs, researchers say.
Audio systems, for instance, are often attached to internal computer networks along with other wireless devices like remote keyless entry systems and the tire-pressure monitors. Other "telematics systems" that can control a car's ignition system and provide crash response or even turn off the fuel if a car is stolen are also wireless.
"Overall, these trends suggest that a wide range of vectors will be available by which an attacker might compromise a component and gain access to internal vehicular networks with unknown consequences," University of Washington and University of San Diego scientists wrote in their May study.
Using homemade hacking software they dubbed "CarShark," the Washington-San Diego researchers in lab and road tests "demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input – including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on," the researchers wrote.
Tire-pressure monitor systems like the ones exploited by the Rutgers-South Carolina team are destined to be the first widely deployed wireless system in US cars since the National Highway Transportation Safety Administration in 2008 mandated that all new cars sold or manufactured after 2008 be equipped with direct tire pressure monitoring systems.
But they won't be the last. That's what has Dr. Gruteser concerned. What's needed, he and others say, is for tire-pressure monitoring and other networks to have good encryption on them – which they don't right now – and much more robust security overall.
Hacking into a vehicle's central computer wirelessly via the tire-pressure monitor system and taking control "is something we're not able to do right now," Gruteser says. "But we can't rule out that it's possible. Our goal is to raise awareness for consumers before this becomes an actual risk. Hopefully, they will then request from car companies more secure devices."