24 July 2013
By Patrick George
Andy Greenberg is a writer for Forbes. He has agreed to drive a Toyota Prius that serves as the test subject for DARPA engineers doing research on car hacking. He has no idea what he’s in for.
To prove just how much modern cars are controlled by their computer systems, the engineers proceed to screw with Greenberg’s speedometer, gas gauge, brakes, transmission, horn and steering wheel — all while he’s driving, and all from a laptop connected to the car.
The details are in Greenberg’s latest Forbes story, where he plays guinea pig for Charlie Miller and Chris Valasek, two engineers doing consulting work for the Pentagon’s Defense Advanced Research Projects Agency. They’re doing research into the potential threat of car hacking, and they will present their findings at the Las Vegas hacker convention next month.
The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry’s security problems before malicious hackers get under the hoods of unsuspecting drivers. The need for scrutiny is growing as cars are increasingly automated and connected to the Internet, and the problem goes well beyond Toyota and Ford. Practically every American carmaker now offers a cellular service or Wi-Fi network like General Motors’ OnStar, Toyota’s Safety Connect and Ford’s SYNC. Mobile-industry trade group the GSMA estimates revenue from wireless devices in cars at $2.5 billion today and projects that number will grow tenfold by 2025. Without better security it’s all potentially vulnerable, and automakers are remaining mum or downplaying the issue.
It is indeed a scary thought, as we can see in this video. And the pair are doing important research that shows just how much of a car can be controlled by seizing its computer system, and if it leads to increased protection against this kind of thing, that’s very good news.
But as we’ve said here before, let’s not get too worried about the “threat” of car hacking at the moment. The current media narrative is that some terrorist kid with a laptop can remotely seize control of your cars, causing entire highways full of traffic to drive off cliffs or whatever. That’s definitely not the case yet.
Look at all the dismantling the two researchers had to do to the Prius to connect their computers. While the potential for wireless, remote seizure of a car is theoretically possible, it remains extremely unlikely. Physical access of some kind is typically required. Until these guys can do this to a brand new car I just bought at a dealership, I won’t be too worried about it.
Still, let’s hope that this kind of research can keep such a thing from ever becoming a reality.