The notion that hackers could assassinate people in an instant is a favorite among conspiracy theories. The latest example: After the young journalist Michael Hastings died in a car crash last month, conspiracy theorists speculated that his car was deliberately hacked--that the crash was, not an accident, but an act of murder. It's an insanely unlikely scenario, one that isn't really worth entertaining except as a thought experiment. There is one tricky kernel of truth in it, though: car hacking is, in some forms, technically possible.
Limitations first: hackers cannot magically gain control of a car. While cars are increasingly computerized, not every system involved in driving is hooked up to external controls. Let me repeat that for clarity: in almost every car currently on the road, it's impossible to hack the steering. A hacker trying to kill someone via car can't just take over and pilot the vehicle into a tree or off a cliff.
What could they do instead?
A list of potential attacks attempted by researchers at the University of Washington and University of San Diego can be found in a report here. Notable attack options fall into two categories:
Attacks that irritate or confuse the driver.
Researchers demonstrated that hackers could permanently activate the car horn, shoot windshield wiper fluid continuously, disable headlights, falsify the speedometer reading, increase radio volume, and turn off auxiliary lights. In testing, none of these attacks could be stopped by a manual override--which might be enough to cause a car accident on a dimly lit road at night. Alternatively, a well-timed burst of full-volume sound with cut lights and a wiper-fluid-obscured windshield could provoke a sudden accident, but that's a lot of effort and leaves a lot to chance. Mucking about with the speedometer can cause problems, though a driver who can roughly keep up with traffic will be able to get by without it. Most likely result of these attacks? A driver would be annoyed, pull over, get out of the car, and have a long weird call with AAA.
Attacks that change the speed of the car.
Far deadlier are hackers manipulating brakes. In testing, the researchers demonstrated an ability to engage the left and right brakes of a car independently, as well as unevenly engaging right side brakes, and perhaps scariest of all, release all brakes and prevent braking. That, more than anything else, provides the real risk in a car hacking attack. A car that can't brake is a hazard, straight-up, to the driver and everyone around them, but it's not necessarily fatal unless it's so well timed as to be a scripted moment in a Hollywood film.
While car hacking is potentially deadly, it's a really, really uncertain way to attack someone. The effort involved in finding, hacking, and monitoring the car, and then picking the exact right moment to disable the breaks, make such an idea more like "Enemy of the State" than a real threat. It's complicated and probably requires a surveillance team. Bullets are a usually but not always more reliable means, and they require much less planning and coordination.
Failing that, there's always the option of poisoning by polonium-210, most famously used against an ex-KGB agent in London in 2006. If a car must be used, car-bomb assassinations have precedent both in the United States and abroad.
Why limit hacking to only the criminals?
Perhaps NSA with its 1000s of Super Computers will hack the OnStar system and listen to the conversations in the car and if you are deem an enemy of the state, suddenly your car goes berserk.
Mr. Edward Snowden be careful as travel about to other countries and rent your car, bada bing, bada Ka-SPALT with a runaway accelerator!
Naaaaa, that wouldn't happen, right.
This article is ridiculous in thinking that this is some inaccurate way of killing someone. Do you think they are going to be using a xbox 360 controller to make this happen? They are going to be using a custom piece of software to do this. It will be taking the weight of the car, the speed of the car, the ability to brake the left and ride breaks to "steer" the car and create a crash trajectory. Simple science. A very exact method as long as street conditions are known. Stationary objects would be better used as other cars are present unpredictable variables. Swerving the car at the certain speed and then monitoring the traction control system will give you the rest of conditions to make all too accurate. If there is a street camera available then you have visual of the targets surroundings as well. I'm a programmer and that's how I would think about it. Also, are you forgetting about the "automatic cruise control"? Did you also forget that with a little tiny piece of hardware you can reprogram a computer chip on the fly? This would take a single hacker, and a fairly simple interface, to do perfectly. I'm surprised it's not done more. We could go through quite a few car crashes in wonder if this was reality. How many autopsies (or autotopsies in this case) are performed on the cars computers and chips themselves? Would it be possible to make it undetectable? Maybe crack or burn the chip on impact? Hmmmm? You laugh but this is scary real. Way more exact and practical than you make it out to be for sure.
"Do not try and bend the spoon. That is impossible. Only try and realize the truth - there is no spoon."
So if i'm reading the article correctly, its unlikely, but totally possible? Jeez... I wonder if anyone could pull it off, i wonder who could? The CIA? No...they only fly drone airplanes around the planet and drop bombs from 10,000 miles away with a push of the button...
Maybe I watch too much "Person Of Interest", but this past season had an episode where the dude that they were protecting (a young billionaire if i remember right) had his car taken over by hackers in which the gas pedal was stuck wide open and the brakes were deactivated... Another reason to drive an old car I guess.
Actually, I've secretly wanted to hack someone's car that is in front of me on the road where they are going 5 miles BELOW the speed limit. Oh how I'd love to force them to speed up at least to the recommended speed limit. I hate people like that they are the bane of traveling by car and incredibly frustrating. I'll be like push of the button force you to go the speed limit unbeknownst to the driver. hahahahaha yeah!
just as Linda explained I am shocked that a mom can profit $6614 in a few weeks on the computer. did you look at this page......... www.bay95.com
I checked the source article, and I call BS.
They had to connect a remotely controlled computer to the vehicle's OBDII connector. Then they went on about how the CAN protocol didn't provide enough security.
Well, you might notice if someone plugged into your OBDII connector. It COULD be done covertly, but there are easier ways to cause crashes. You could presumably wire into the throttle position sensor and simulate wide open throttle. And there are numerous other more direct approaches.
My main point is that this is NOT a hack as such because it requires special physical access and real time signals.
just as Linda explained I am shocked that a mom can profit $6614 in a few weeks on the computer. did you look at this page.... www.bay95.com
Can Your Car Be Hacked?
Hack to the future.
BY KEITH BARRY
ILLUSTRATION BY CHRIS PHILPOT
From the August 2011 Issue of Car and Driver
Not too long ago, securing a car meant popping the faceplate off the CD player, slapping a Club over the steering wheel, and locking the doors. As vehicles’ electronic systems evolve, however, automobiles are starting to require the same protection as laptop computers and e-commerce servers.
Currently, there’s nothing to stop anyone with malicious intent and some computer-programming skills from taking command of your vehicle. After gaining access, a hacker could control everything from which song plays on the radio to whether the brakes work.
While there are no reported cases of cars being maliciously hacked in the real world, in 2010, researchers affiliated with the Center for Automotive Embedded Systems Security (CAESS—a partnership between the University of California San Diego and the University of Washington) demonstrated how to take over all of a car’s vital systems by plugging a device into the OBD-II port under the dashboard.
It gets worse. In a paper that’s due to be published later this year, those same researchers remotely take control of an unnamed vehicle through its telematics system. They also demonstrate that it’s theoretically possible to hack a car with malware embedded in an MP3 and with code transmitted over a Wi-Fi connection.
Such breaches are possible because the dozens of independently operating computers on modern vehicles are all connected through an in-car communications network known as a controller-area-network bus, or CAN bus.
Even though vital systems such as the throttle, brakes, and steering are on a separate part of the network that’s not directly connected to less secure infotainment and diagnostic systems, the two networks are so entwined that an entire car can be hacked if any single component is breached.
So the possibility now exists for platoons of cars to go rogue at the command of computer-savvy terrorists, crazed exes, and parking attendants with Ph.D.s in computer science. But the truth is that hacking a car takes a lot of time, effort, and money—three resources automakers are using to fight back.
At Chrysler, where optional infotainment systems are integrated with hard drives and mobile internet hot spots, company spokesman Vince Muniga says a data breach of an individual automobile is “highly unlikely.” That doesn’t mean the company is ignoring the problem. “It’s an ongoing engineering issue,” he says. “You want to stay one step ahead of what these guys might do.” Rich Strader, Ford’s director of information technology security and strategy, says the automaker has been steadily strengthening in-vehicle systems, but the threat is always evolving. He says the difficulty with security is that “you can’t honestly say something is impossible.”
Presently, automakers are beginning to take steps to secure networks the same way the information-technology sector now locks down corporate servers. “Just like the internet in its early days, car networks don’t employ very much security,” says Brad Hein, a programmer who accessed vehicle data from his 2006 Chevy Impala on an Android phone using code he’d written. “As more people start to access car networks,” Hein says, “I expect that the auto industry will start beefing up the security.”
That’s certainly happening at OnStar, the telematics system that’s already in more than 6 million vehicles. Eric Gassenfeit, OnStar’s chief information security officer, says his team has seen resources and staff grow “by an order of magnitude” over the past two years.
So the battle between the hackers and the carmakers is on. Here are your car’s most vulnerable entry points and what automakers are doing to protect them... "
my friend's step-mother makes $66 hourly on the internet. She has been fired for 6 months but last month her paycheck was $20051 just working on the internet for a few hours. Read more on this web site www.zee44.com
as Fred answered I'm shocked that you can get paid $5969 in a few weeks on the internet. have you read this page..... www.buzz90.com
I saw this show on OPB a while back and a university group managed to hack into a car through the integrated cell-phone system, with ALOT of help from the manufacture no doubt. Good experiment.
It might have been the University of Washington/San Diego, not sure.
If you are concerned about Onstar in (GM?) vehicles, you can pull the fuse for it. I know it is tied to the ECU so it can reduce engine power if the cops are after you.
I really don't think any wireless systems, besides encrypted wireless systems like Onstar, are connected to the ECU.
Something like wifi, bluetooth would not be able to do anything other than read data from the ECU, it is as restricted as the navigation computer is to modifying ECU behavior.
Only vehicles that you can intimately control with a touch screen may be vulnerable (Model S, other luxury cars?) because then the navigation computer is tied in.
The attacker would have to be able to mask as a genuine server that can manipulate the vehicle. Encryption is probably very heavy. Also proprietary network so you'd have to be driving along with the car you want to hack, or hack into the tower that is transceiving the signal to/from the car as well as hack into the car itself.
D49 ......... excellent comment. Once upon a time science was based on the "scientific method" but it is obvious from Atherton's work that it has been thrown aside. I assume to misdirect.
Maybe Popular Science should hire you to present the information. At least you seem to have the knowledge to engage with the issue at hand.
I don't know why people would talk about this like it isn't possible. It may seem far fetched, which I agree with, but many things start out as seeming far-fetched that later prove to be 100% truth. Think about how crazy and ridiculous George Orwell must have seemed when he wrote 1984. Like the government would ever turn on its people that much, it could never happen right? Now it is commonly accepted that the government will take our rights whenever they feel like it whether we approve or not.
<a href="http://rldinvestments.com/Kelly%20Calculator/js/Money%20Management.html">RLD Investments</a>
"It's an insanely unlikely scenario"
Bologna, especially considering the text he'd just sent to Wikpedia just before he was killed. BTW, I certainly don't think it was the FBI or NSA that did this, it was whoever was involved with the big story that he said he was going to have to disappear for a while to investigate. The claims of FBI involvement are simply a _stupid_ misread of what he said in that email.
"Let me repeat that for clarity: in almost every car currently on the road, it's impossible to hack the steering."
With the ability to independently control brakes on the left and right side of the car and perhaps even individual wheels, who cares?
If you haven't already, I'd suggest you read the following two white papers as I have::
"Comprehensive Experimental Analyses of Automotive Attack Surfaces"
"Experimental Security Analysis of a Modern Automobile"
There is now on-line a handheld video of a computer screen where video from a security camera that caught the actual accident is shown (not, of course, a full resolution video directly from the camera which would allow better analysis - why?) where it can be seen in the instant before impact the brake lights coming on. Question is, were they applied _before_ the car veered left into the tree or _after_? I'm sure you can understand the significance of that.
With modern electronic throttle controls, uncommanded acceleration is possible and even engine off commands could be ignored. Scenario - Michael Hastings gets into his car and starts driving, brakes and engine kill are disabled, throttle maxed out, car runs red lights (potentially deadly collisions), left brakes applied, car slams into tree, highly suspicious degree of fire (for a 2013 Mercedes C250 coupe) destroys evidence that no police department by itself would be even _remotely_ prepared to discover or analyze even it it was found which would require the request of talented external resources IF and only IF the police department chooses to investigate further.
"I really don't think any wireless systems, besides encrypted wireless systems like Onstar, are connected to the ECU. Something like wifi, bluetooth would not be able to do anything other than read data from the ECU, it is as restricted as the navigation computer is to modifying ECU behavior."
First of all, the sort of attack necessary to kill Hastings could far more easily be have been accomplished with direct hardware access to his car with the attack hardware thereby being attached somewhere on the CAN bus presented for exploit even at the OBD (On-board diagnostics) port in all modern cars. The attached hardware could then use its own RF link for control. In his case it would only require the simple ability to "activate brakes off, engine kill disable, max throttle" as one command with "left brakes/right brakes" or "left-front brake/right-front brake" as the other two commands.
From "Comprehensive Experimental Analyses of Automotive Attack Surfaces":
"Perhaps the most important part of the long-range wireless attack surface is that exposed by the remote telematics systems (e.g., Ford’s Sync, GM’s OnStar, Toyota’s SafetyConnect, Lexus’ Enform, BMW’s BMW Assist, and Mercedes-Benz’ mbrace) that provide continuous connectivity via cellular voice and data networks. These systems provide a broad range of features supporting safety (crash reporting), diagnostics (early alert of mechanical issues), anti-theft (remote track and disable), and convenience (hands-free data access such as driving directions or weather).
These cellular channels offer many advantages for attackers. They can be accessed over arbitrary distance (due to the wide coverage of cellular data infrastructure) in a largely anonymous fashion, typically have relatively high bandwidth, are two-way channels (supporting interactive control and data exfiltration), and are individually addressable.
Previously, we have shown that gaining access to a car’s internal network provides sufficient means for compromising all of its systems (including lights, brakes, and engine) . In this paper, we have further demonstrated that an adversary has a practical opportunity to effect this compromise (i.e., via a range of external communications channels) without having physical access to the vehicle."
"the text he'd just sent to Wikpedia"
Meant to say, "Wikileaks."