Feeds

Hackers spoof car warning system

Blowout

Protecting against web application threats using SSL

Computer scientists have brought new meaning to the term war driving by hacking into a moving car's wirelessly-connected warning systems and generating fake error messages.

A team from the University of South Carolina and Rutgers sent fake tire pressure messages to the onboard computer, generating bogus warning messages. Tire pressure monitoring systems have been compulsory for US vehicles since 2008. The same technology may soon become compulsory in Europe, The H Security reports.

The researchers got the transmission of fake messages to work over a range of up to 40 metres or, more impressively, between two moving vehicles in close proximity travelling at 70kph. The technology to carry out the hack only costs about $1,500 but the trick reportedly took a great deal of ingenuity to pull off. The clever bit involved spoofing wireless sensors and transmitting messages rather than bypassing security controls, which were notable by their absence, as the researchers explain:

Reverse-engineering of the underlying protocols revealed static 32 bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers.

Further, current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages. We validated this experimentally by triggering tyre pressure warning messages in a moving vehicle from a customized software radio attack platform located in a nearby vehicle.

The researchers presented their findings, which included recommendations on how to improve in-car wireless network security and privacy, in a paper presented to the 19th Usenix Security Symposium in Washington on Thursday. Screenshots of the hack in action can be found in a write-up of the attack by motoring news site Jalopnik, here.

Cars are increasingly run using multiple embedded micro-processors. This has opened up a new avenue of research for computer security scientists, but up until now demonstrated hacks have relied on obtaining a physical connection to a car's computer. The latest research shows that wireless hacks are possible, so we should be thankful that malware infections of vehicle systems have never occurred. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.