Feeds

Want to remotely control a car? $20 in parts, some oily fingers, and you're in command

Plug 'n play for the automotive hacking community

Intelligent flash storage arrays

Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road.

Car hacking device

Car cracking on a budget

The device, which will be shown off at next month's Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems.

"A car is a mini network," security researcher Alberto Garcia Illera told Forbes. "And right now there's no security implemented."

Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.

The device currently only works via Bluetooth, but the team says that they will have a GSM version ready by the time the conference starts. This would allow remote control of a target car from much greater distances, and more technical details of the CHT will be given out at the conference.

"The goal isn't to release our hacking tool to the public and say 'take this and start hacking cars'," said Vidal. "We want to reach the manufacturers and show them what can be done."

The duo aren't the first to demonstrate the total lack of security in the CAN bus system. At last year's DefCon convention, veteran hacker Charlie Miller showed how the CAN system was easily controlled using a laptop, and allowed modification of the car's firmware.

Both cracks need physical access – at least briefly – in order to work, but that's not impossible to achieve, and once the hardware's in place all you need to start causing trouble is a wireless signal. With the US government pushing for standards for car communications it might be an idea to insist there should be some security controls built-in, as well. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Apple spent just ONE DOLLAR beefing up the latest iPad Air 2
New iPads look a lot like the old one. There's a reason for that
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Microsoft fitness bands slapped on wrists: All YOUR HEALTH DATA are BELONG TO US
Wearable will deliver 'actionable insights for healthier living'
Caterham Seven 160 review: The Raspberry Pi of motoring
Back to driving's basics with a joyously legal high
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
Amazon hopes FIRE STICK will light up its video service
We do streaming video? It seems we do...
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.