Feeds

Want to remotely control a car? $20 in parts, some oily fingers, and you're in command

Plug 'n play for the automotive hacking community

The Power of One Infographic

Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car's controls while it's on the road.

Car hacking device

Car cracking on a budget

The device, which will be shown off at next month's Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems.

"A car is a mini network," security researcher Alberto Garcia Illera told Forbes. "And right now there's no security implemented."

Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.

The device currently only works via Bluetooth, but the team says that they will have a GSM version ready by the time the conference starts. This would allow remote control of a target car from much greater distances, and more technical details of the CHT will be given out at the conference.

"The goal isn't to release our hacking tool to the public and say 'take this and start hacking cars'," said Vidal. "We want to reach the manufacturers and show them what can be done."

The duo aren't the first to demonstrate the total lack of security in the CAN bus system. At last year's DefCon convention, veteran hacker Charlie Miller showed how the CAN system was easily controlled using a laptop, and allowed modification of the car's firmware.

Both cracks need physical access – at least briefly – in order to work, but that's not impossible to achieve, and once the hardware's in place all you need to start causing trouble is a wireless signal. With the US government pushing for standards for car communications it might be an idea to insist there should be some security controls built-in, as well. ®

Top three mobile application threats

More from The Register

next story
NEW Raspberry Pi B+, NOW with - count them - FOUR USB ports
Composite vid socket binned as GPIO sprouts new pins
Child diagnosed as allergic to iPad
Apple's fondleslab is the tablet dermatitis sufferers won't want to take
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets
Reports it's killing off smaller slabs are greatly exaggerated
Seventh-gen SPARC silicon will accelerate Oracle databases
Uncle Larry's mutually-optimised stack to become clearer in August
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.