Published in collaboration with NCMS
Digital Manufacturing Report

News & information about the fast-moving world
of digital manufacturing, modeling & simulation

Language Flags

White Hats Warn of Cyber Carjackings

Whether it’s integrating a sleek infotainment system with a touchscreen display, emergency services, or an automated system that will drive your car for you, the automotive industry is continuing its push toward smarter, integrated vehicles. But at what cost might that come?

Some have worried that as we allow computers to expand its connections to touch vital systems of the car—from steering to the brakes—we could be in danger of finding that as we cruise down the highway, someone outside of the car has managed to take the wheel. And this is just the fear that security experts and  “white hat” hackers Charlie Miller and Chris Valasek of IOActive are discussing today at the Defcon 21 conference in Las Vegas.

As white hats, Miller and Valasek probe systems for vulnerabilities before showing their results to the product’s vendors so that they might address the issue before malicious black hat hackers beat them to it.

And according to a Reuters report, they’ve done it. During their tests, Miller and Valasek were able to force a Prius that was cruising along at 80 mph to brake suddenly, accelerate, and even jerk the steering wheel. What’s potentially more frightening is that the team claims that when they went to work on a Ford Escape, they were able to disable the brakes such that the car would continue to accelerate even if the driver were to stand on the brakes.

Of course, it’s important to note that in this case, the team’s remote control wasn’t actually that remote. In fact, the two white hats were in the vehicles in question, and using laptops that were directly connected to the car to tap into the vehicle’s electronic systems.

According to IOActive’s summary of today’s talk, the team is specifically targeting cars’ Electronic Control Units, which were designed to monitor fuel efficiency and regulate emissions. But at this point the system has evolved into a more sophisticated network or nervous system of sorts, controlling everything from infotainment to safety and “enhanced automotive functionality.”

During their session, the experts plan to:

“...first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering. Finally, we’ll discuss aspects of reading and modifying the firmware of ECUs installed in today’s modern automobile.”

For automakers, news like this presents them with a dilemma. On the one hand, the trend is to deliver integrated options and functionality. But this happens to be just the sort of efforts that make it easier for white hats and black hats alike to wreak havoc on our highways.

As car executives have already explained, the key to connected cars is segregating mission-critical systems (brakes, steering, power train) from infotainment. Because after all, while you may not want to get Rick-rolled in your own car, it beats having a hacker roll your car over.

At today’s session, Miller and Valasek may answer the question of whether or not such compartmentalization will be enough. They also plan to publish the details of their work on the Toyota Prius and Ford Escape, which was funded by a grant from the U.S. government, in a 100-page white paper.

What you won’t see from today’s session is more information about remote wireless hacking, which is precisely what black hats would need to launch an actual attack. Instead, the team says that they are hoping to motivate other white hats to uncover additional security flaws. Hopefully with these efforts, plus the details laid out in the white paper, automakers will finally be able to wall off their cars’ critical systems—and the black hats—for good.

Toyota Motor Corp spokesman John Hanson already said that the company has been reviewing Miller and Valasek’s work. He said that the company has invested heavily in electronic security, but that there are bugs remaining—as is the case for other automakers.

“It’s entirely possible to do,” Hanson said in reference to the hacks. “Absolutely we take it seriously.”

RSS Feeds

Subscribe to All Content

Feature Articles

Titan Puts a New Spin on GE’s Wind Turbine Research

Unlike traditional energy sources, wind is a trouble to tame, which has led GE to turn to advanced simulations at Oak Ridge National Laboratory to put the technology on track to cover 12 percent of the world's energy production.

Lighting a Fire Under Combustion Simulation

Combustion simulation might seem like the ultimate in esoteric technologies, but auto companies, aircraft firms and fuel designers need increasingly sophisticated software to serve the needs of 21st century engine designs. HPCwire recently got the opportunity to take a look at Reaction Design, one of the premier makers of combustion simulation software, and talk with its CEO, Bernie Rosenthal.

D-Wave Sells First Quantum Computer

On Wednesday, D-Wave Systems made history by announcing the sale of the world's first commercial quantum computer. The buyer was Lockheed Martin Corporation, who will use the machine to help solve some of their "most challenging computation problems." D-Wave co-founder and CTO Geordie Rose talks about the new system and the underlying technology.

Short Takes

Local Motors and ORNL Partner for Automotive Manufacturing

Jan 24, 2014 | Local Motors, a vehicle innovator, and the U.S. Department of Energy’s Oak Ridge National Laboratory (ORNL) have announced a new partnership that they hope will bring change to the automotive industry.

Robots Showcase Skills at DRC

Jan 22, 2014 | A month ago, the DARPA Robotics Challenge Trials (DRC) commenced. The main goal of the event was to aid in the development of robots that will someday respond to natural or even man-made disasters. At this year’s DRC, prototype robots from 16 teams were put through a series of trials in which they were to showcase their skills.

Advanced Modeling Benefits Wind Farms

May 25, 2011 | Advanced computing resources optimize the site selection of wind farms.

Not Your Parents' CFD

Oct 13, 2010 | Outdated beliefs stand in the way of greater CFD adoption.

Manufacturers Turn to HPC to Cut Testing Costs

Oct 06, 2010 | Supercomputing saves money by reducing the need for physical testing.

Sponsored Whitepapers

Technical Computing for a New Era

07/30/2013 | IBM | This white paper examines various means of adapting technical computing tools to accelerate product and services innovation across a range of commercial industries such as manufacturing, financial services, energy, healthcare, entertainment and retail. No longer is technically advanced computing limited to the confines of big government labs and academic centers. Today it is available to a wide range of organizations seeking a competitive edge.

The UberCloud HPC Experiment: Compendium of Case Studies

06/25/2013 | Intel | The UberCloud HPC Experiment has achieved the volunteer participation of 500 organizations and individuals from 48 countries with the aim of exploring the end-to-end process employed by digital manufacturing engineers to access and use remote computing resources in HPC centers and in the cloud. This Compendium of 25 case studies is an invaluable resource for engineers, managers and executives who believe in the strategic importance of applying advanced technologies to help drive their organization’s productivity to perceptible new levels.

Conferences and Events

Featured Events

Copyright © 2011-2014 Tabor Communications, Inc. All Rights Reserved.
Digital Manufacturing Report is a registered trademark of Tabor Communications, Inc. Use of this site is governed by our Terms of Use and Privacy Policy.
Reproduction in whole or in part in any form or medium without express written permission of Tabor Communications Inc. is prohibited.
Powered by Xtenit.