[Infowarrior] - With hacking, music can take control of your car

Richard Forno rforno at infowarrior.org
Wed Mar 16 08:26:05 CDT 2011


home » security » news
With hacking, music can take control of your car

Remote-controlled car hacking is a real possibility, researchers say

by Robert McMillan
13 comments | 46I like it!	
Tags: security

http://www.itworld.com/security/139794/with-hacking-music-can-take-control-your-car

March 14, 2011, 08:30 AM —  IDG News Service — 

About 300 years ago, the English playwright William Congreve wrote, "music has charms to soothe a savage breast, to soften rocks, or bend a knotted oak." This week we learned that it can also help hackers break into your car.

Researchers at the University of California, San Diego, and the University of Washington have spent the past two years combing through the myriad computer systems in late-model cars, looking for security flaws and developing ways to misuse them. In a new paper, they say they've identified a handful of ways a hacker could break into a car, including attacks over the car's Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops.

But their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car's stereo, this song could alter the firmware of the car's stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. "It's hard to think of something more innocuous than a song," said Stefan Savage, a professor at the University of California.

Last year Savage and his fellow researchers described the inner workings of the networks of components found in today's cars, and they described a 2009 experiment in which they were able to kill the engine, lock the doors, turn off the brakes and falsify speedometer readings on a late-model car.

In that experiment, they had to plug a laptop into the car's internal diagnostic system in order to install their malicious code. In this latest paper, the objective was to find a way to break into the car remotely. "This paper is really about how challenging is it to gain that access from the outside," Savage said.

They found lots of ways to break in. In fact, attacks over Bluetooth, the cellular network, malicious music files and via the diagnostic tools used in dealerships were all possible, if difficult to pull off, Savage said. "The easiest way remains what we did in our first paper: Plug into the car and do it," he said.


More information about the Infowarrior mailing list