Hijacking connected cars with a $25 tool
A presentation by two Spanish researchers scheduled to take place later this month at the Black Hat conference in Las Vegas will apparently prove that hijacking modern cars via electronic means is not only easy, but cheap to execute as well.
The question of whether it’s possible to mount cyber attacks against cars with an electronic control unit and gain control of it has lately been featured prominently in the news because of the untimely and gruesome death of Rolling Stone journalist Michael Hastings.
At the time of his death, Hastings was apparently working on a “big story” possibly involving the US government, and the circumstances of the accident in which he was killed are still unclear, but have given rise to theories that he might have been killed because of it.
According to Richard Clarke, former US National Coordinator for Security, Infrastructure Protection, and Counter-terrorism, it’s possible that the accident was caused by someone who took control of his car.
“What has been revealed as a result of some research at universities is that it’s relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn’t want acceleration, to throw on the brakes when the driver doesn’t want the brakes on, to launch an air bag,” he said, but concluded that we will probably never know it that was what happened.
Now Javier V??zquez Vidal and Alberto Garcia Illera are set to demonstrate that a tool that can wrestle control of a car’s ECU from the driver can be easily constructed for as little as $25.
According to New Scientist, the tool is able to break the RSA 256 and seed / key algorithm protection of Bosch EDC15 and EDC16, two widely used ECUs, and to read from and write data to the flash memory they use.
This would allow the attacker to do a variety of things, among which are potentially dangerous ones such as deploying breaks when unnecessary, immobilizing a car at any moment, and so on.