February 6th, 2014
Auto makers have long downplayed the threat of hacker attacks on their cars and trucks, arguing that their vehicles’ increasingly-networked systems are protected from rogue wireless intrusion. Now two researchers plan to show that a few minutes alone with a car and a tiny, cheap device can give digital saboteurs all the wireless control they need.
At the Black Hat Asia security conference in Singapore next month, Spanish security researchers Javier Vazquez-Vidal and Alberto Garcia Illera plan to present a small gadget they built for less than $20 that can be physically connected to a car’s internal network to inject malicious commands affecting everything from its windows and headlights to its steering and brakes. Their tool, which is about three-quarters the size of an iPhone, attaches via four wires to the Controller Area Network or CAN bus of a vehicle, drawing power from the car’s electrical system and waiting to relay wireless commands sent remotely from an attacker’s computer. They call their creation the CAN Hacking Tool, or CHT.
“It can take five minutes or less to hook it up and then walk away,” says Vazquez Vidal, who works as a automobile IT security consultant in Germany. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”
Related: Michael Hastings