Feeds

Want to remotely control a car? $20 in parts, some oily fingers, and you're in command

Plug 'n play for the automotive hacking community

Secure remote control for conventional and virtual desktops

Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road.

Car hacking device

Car cracking on a budget

The device, which will be shown off at next month's Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems.

"A car is a mini network," security researcher Alberto Garcia Illera told Forbes. "And right now there's no security implemented."

Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.

The device currently only works via Bluetooth, but the team says that they will have a GSM version ready by the time the conference starts. This would allow remote control of a target car from much greater distances, and more technical details of the CHT will be given out at the conference.

"The goal isn't to release our hacking tool to the public and say 'take this and start hacking cars'," said Vidal. "We want to reach the manufacturers and show them what can be done."

The duo aren't the first to demonstrate the total lack of security in the CAN bus system. At last year's DefCon convention, veteran hacker Charlie Miller showed how the CAN system was easily controlled using a laptop, and allowed modification of the car's firmware.

Both cracks need physical access – at least briefly – in order to work, but that's not impossible to achieve, and once the hardware's in place all you need to start causing trouble is a wireless signal. With the US government pushing for standards for car communications it might be an idea to insist there should be some security controls built-in, as well. ®

Beginner's guide to SSL certificates

More from The Register

next story
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Intel's LAME DUCK mobile chips gobbled by CASH COW
Chipzilla won't have money-losing mobe unit to kick about anymore
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
Ford's B-Max: Fiesta-based runaround that goes THUNK
... when you close the slidey doors, that is ...
Disturbance in the force lets phones detect gestures with Wi-Fi
These are the movement detection devices you're looking for
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.