Hacking experts Charlie Miller and Chris Valasek are about to release a 100-page research paper explaining how to maliciously hack a car’s computer, causing it to crash and potentially kill its occupants. And they’re doing so with the support – and funding – of the federal government.
Miller and Valasek are “white hat” security researchers – that is, people who try to identify software loopholes before hackers can exploit them. The pair will unveil the results of their studies at this week’s Def Con hacking convention to shine more light on the issue and boost car safety.
Right now, hacking into a car’s computer system is a challenge. Manufacturers such as Toyota insist their vehicles are secure and protected. And according to the National Highway Traffic Safety Administration, it’s never been done on the road. Miller and Valasek conducted their research by physically connecting a laptop to a car’s internal computer.
But when car computer systems begin communicating with each other – something the government is advocating – a few lines of extraneous code could easily cause a fatal crash. A team of researchers at the University of San Diego (UCSD) has already explored ways to wirelessly hack car computers via existing Bluetooth connections.
“The vulnerabilities that we found were the kind that existed on PCs in the early to mid-1990s, when computers were first getting on the Internet,” said UCSD professor and car security researcher Stefan Savage.
The consequences of a compromised car are frightening. In one test, Miller and Valasek caused a Toyota Prius to suddenly accelerate, brake at high speeds and veer off course. In yet another test, the researchers were able to disable the brake pedal on a Ford Escape, making it useless when pressed.
“If your laptop crashes you’ll have a bad day, but if your car crashes that could be life threatening,” explains Bruce Snell, a McAfee executive who works in car security. “I don’t think people need to panic now. But the future is really scary.”