Researchers shed light on car hacking
Researchers shed light on car hacking
In a culture where vehicles are almost as coveted as houses, what self-described “stunt hackers” Charlie Miller and Chris Valasek did to a Ford Focus on national TV was akin to breaking into a home, raiding the fridge and taking a nap on the couch. When they appeared on morning talk show Today and remotely seized control of a test car from host Carson Daly, people took notice.
With Valasek riding shotgun and Miller at a set of controls behind the car, they jacked the Focus' speedometer up to 100 mph and wrenched the steering wheel from Daly's hands.
Charlie Miller (left)
Occupation: Security engineer, Twitter
College: University of Notre Dame
Accomplishments: “World's best stunt hacker,” first to hack the iPhone, first to hack an Android phone, four-time winner of the Pwn2Own competition, author of books on fuzzing, OS X and iOS security
College: University of Pittsburgh
Accomplishments: Pwnie Awards judge and two-time nominee, chairman of Summercon
The paper they presented at DefCon in early August to document how they did it raised eyebrows, too, but if anyone at Ford or Toyota – manufacturers of the two 2010-model cars they hacked – was interested, they did not let Miller or Valasek know.
“The lack of response was kind of shocking,” says Valasek. “I think their silence tells us how this looks to them.”
Ford's only response to the takeover of Daly's car, and a more explicit hack shown in a video on the show, was to note that the controller Miller and Valasek used had to be hardwired to the car, ruling out the possibility that anyone could surreptitiously commandeer a moving car.
The pair counter that researchers have already demonstrated that wireless control is possible.
“We know it can be done,” says Valasek. “We wanted to take it farther. The academics did not say how they had done it, so we wanted to show that. They also had not looked at automated steering, which we thought was one of the key dangers.”
If the lack of feedback from the automotive industry was surprising, so was the response from those outside it.
“After our Today appearance, we received almost completely positive comments,” says Miller. “I think, even five years ago, we might have been hammered for showing how this can be done.”
Even Valasek's parents took notice, he says. He believes the demonstration has helped shed a more positive light on white-hat hacking. “I mean, Charlie and I are generally normal guys. We watch football. We are not a couple of skeevy-looking guys living in a basement.”
Miller notes that the pair has received significant interest from so-called car tuners – the contemporary equivalent of hot rodders.
Although their morning talk show stunt demonstrated they had a knack for showmanship, the pair insist their work was intended to illustrate the vulnerabilities inherent in controller area networks (CANs) in cars and other objects that use the technology.
They make the point that, with computing devices now embedded in many of the things we use every day, manufacturers have not put sufficient effort into ensuring users are secure. Since manufacturers have not shown much interest, they reason, it is left to individuals' devices.
“We want to lower the barrier to people doing research on this, so we published all of our findings,” says Valasek. “We want everyone to do it.”
The pair attempted to explain it all in detail, so the average person can understand it, adds Miller.
Another goal is to expand the research beyond what has already been shown. A major obstacle, says Miller, is the high cost of vehicles. He says competition in the car industry has led automakers to develop proprietary firmware and control networks, ruling out assumptions that the hacks he and Valasek have developed will work beyond the Focus and Prius models they used.
“At this point, we only know what we know,” says Miller. “We could make some generalizations about the vulnerabilities of CANs and firmware, but we can only take it so far without getting our hands on a wide range of cars in different categories. The expense of doing that kind of research is prohibitive, and so far no one has stepped up to give us access to other cars.”
Valasek says that it would be great if a fleet of Porsches, BMWs and other luxury cars arrived for them to test.
“I would be happy with a fleet of Ford Fiestas,” adds Miller.