DefCon car hacking talk will detail how an outsider can "physically control" the vehicle

Share this article:
The car hacking talks will cover findings involving controller area networks (CAN) and automobiles.
The car hacking talks will cover findings involving controller area networks (CAN) and automobiles.

Security researcher Chris Valasek offered additional insight on Wednesday into the highly anticipated car hacking presentation he is scheduled to co-deliver at the upcoming DefCon show in Las Vegas.

Valasek, director of security intelligence at services firm IOActive, will be joined on stage by ex-National Security Agency hacker and current Twitter security engineer Charlie Miller.

Their talk, "Adventures in Automotive Networks and Control Units," will discuss findings involving controller area networks (CAN) and automobile firmware. CAN is a protocol that enables electronic systems in cars to speak to each other without the need for a centralized computer.

According to a Forbes report, the two researchers picked apart a 2010 Ford Escape and Toyota Prius, aided in their work by an $80,000 grant they received from the Defense Advanced Research Projects Agency (DARPA), the U.S. Defense Department's research arm.

Valasek said the pair intend to discuss diagnostic CAN messages, which typically are meant to diagnose car issues that need repair, but which can be manipulated to "physically control the automobile under certain conditions."

In addition, the duo will demonstrate how more routine CAN traffic can be used to overtake safety control mechanisms.

Finally, he said, they will explain how firmware modification can permit them to make "permanent" changes to a car's behavior.

Valasek said all of the research being presented, which will include documentation, code and tools, is based on findings from having direct access to the cars and will involve no remote attack vectors or exploits.

"At the very least, you will be able to recreate our results, and with a little work, should be able to start hacking your own car!" he wrote.

The talk is scheduled for 10 a.m. on Aug. 2 at the Rio All-Suite Hotel and Casino, as part of opening day of DefCon 21.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.