Feeds

Hackers spoof car warning system

Blowout

Secure remote control for conventional and virtual desktops

Computer scientists have brought new meaning to the term war driving by hacking into a moving car's wirelessly-connected warning systems and generating fake error messages.

A team from the University of South Carolina and Rutgers sent fake tire pressure messages to the onboard computer, generating bogus warning messages. Tire pressure monitoring systems have been compulsory for US vehicles since 2008. The same technology may soon become compulsory in Europe, The H Security reports.

The researchers got the transmission of fake messages to work over a range of up to 40 metres or, more impressively, between two moving vehicles in close proximity travelling at 70kph. The technology to carry out the hack only costs about $1,500 but the trick reportedly took a great deal of ingenuity to pull off. The clever bit involved spoofing wireless sensors and transmitting messages rather than bypassing security controls, which were notable by their absence, as the researchers explain:

Reverse-engineering of the underlying protocols revealed static 32 bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers.

Further, current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages. We validated this experimentally by triggering tyre pressure warning messages in a moving vehicle from a customized software radio attack platform located in a nearby vehicle.

The researchers presented their findings, which included recommendations on how to improve in-car wireless network security and privacy, in a paper presented to the 19th Usenix Security Symposium in Washington on Thursday. Screenshots of the hack in action can be found in a write-up of the attack by motoring news site Jalopnik, here.

Cars are increasingly run using multiple embedded micro-processors. This has opened up a new avenue of research for computer security scientists, but up until now demonstrated hacks have relied on obtaining a physical connection to a car's computer. The latest research shows that wireless hacks are possible, so we should be thankful that malware infections of vehicle systems have never occurred. ®

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.