Hackers Target ‘Smart’ Cars

As written for Technobabble on MSN

Is any system beyond a hacker’s reach anymore? Well-wired vandals and criminals have recently attacked Facebookdebit-card databases and cash machinesgaming devices, and even the email accounts of the Bush family. It’s now clear that hackers can even tap into the network of built-in computers running in contemporary cars like the Toyota Prius — and potentially every other vehicle sold today.

Contemporary cars and other vehicles have small onboard computers that control and monitor a range of functions. Electronic control units, or ECUs, were first manufactured in cars three decades ago to optimize an engine’s mix of gasoline and air, functioning essentially as a digital carburetor, during the gas crisis of the early 1980s.

But their efficiency and reliability over mechanical systems have led to dozens more applications over the years. Today, ECUs are used in vehicles to engage anti-lock brakes, run cruise-control systems, check tire pressure, and light up dashboard warnings. Digital sensors can flag you when your belt isn’t fastened or assist a driver in parallel parking.

All of these electronic controllers communicate under your hood within an open network. And that network can be hacked — with potentially dangerous results.

NPR reports that veteran hackers Chris Valasek and Charlie Miller are specialists in infiltrating the networks that help automobiles run. Luckily for you, their expertise is used for good. Working on a grant from the Defense Advanced Research Projects Agency (DARPA), which aims to protect U.S. interests from technological sabotage, Valasek and Miller wanted to demonstrate how vulnerable modern cars are to cyber-attack, and to what extent an automobile could be controlled against a driver’s will.

The pair cracked the code controlling the ECUs on two cars in particular, the Toyota Prius and Ford Escape, to wreak all kinds of havoc with a few remote clicks of a keyboard.

In the Prius, they were able to cause the car to accelerate or brake. They could jerk the steering wheel while the car was at high speed, or set off its crash preparation system, or yank the seatbelts back.

In the Escape, they could turn the wheel and disable the brakes. NPR notes a lighter moment in the research, when Miller forgot the hack was running on the Escape and drove it into his own garage.

“My lawnmower — it was destroyed, utterly,” Miller told NPR. “The lawnmower was perhaps the first cyber-attack-in-a-car victim.”

It’s legitimately worrisome, however, that malicious hackers could at some point exploit these vulnerabilities. Valasek and Miller hope that their cyber-attack research will prompt auto manufacturers to address the vulnerabilities before anyone gets hurt. Toyota and Ford were both reportedly informed of the DARPA-funded project, and maintain that their cars are safe.

Valazek and Miller have previously set off the alarm for car owners by showing how a hacker can disable a vehicle’s brakes and by demonstrating a digital carjacking.

Miller and Valasek

Charlie Miller sitting shotgun and Chris Valasek at the dismantled dash of a Prius. Miller says he is not a crash test dummy.