Researchers hack cars to remotely control steering and brakes

As more electronics are introduced into vehicles the danger from hacking attacks also rises

James Vincent
Friday 26 July 2013 13:15 BST
 view of the interior of the McLaren MP4-12C high-performance sports car in New York September 16, 2010.  REUTERS/Eduardo Munoz
view of the interior of the McLaren MP4-12C high-performance sports car in New York September 16, 2010. REUTERS/Eduardo Munoz

A pair of US hackers sponsored by the Pentagon’s research facility Darpa, have demonstrated their ability to hack the computers in cars, remotely controlling the acceleration, braking and steering inside a Ford Escape and Toyota Prius.

This new threat is thanks to the growing ubiquity of electronic control units (ECUs); small computers that are installed in the majority of modern cars in order to control a whole range of functions from heated seats to emergency crash avoidance.

Charlier Miller, a security engineer at Twitter, and Chris Valasek, the Director of Security Intelligence at IOActive received an $80,000 grant from the US government in order to research these new vulnerabilities. The pair will present their full findings at hacker conference Def Con in Las Vegas next month.

The hacks were accomplished by connecting to the cars’ computers via the on-board diagnostics port, usually used by mechanics to identify faults. From this entry point Valasek and Miller sent a series of instructions to the car that overrode commands from the driver.

The pair were able to change the read-out on the fuel tank and the speedometer, disable the brakes, tighten the seat-belts (the cars engage this function in the event of a crash) and even take control of the wheel, remotely swerving the vehicle to the side – a hack that could be deadly on a busy road.

Toyota were dismissive of the research, claiming that the cars were not actually ‘hacked’ because the work required physical access to the car. Valasek and Miller have responded by noting that wireless access to cars’ on-board software has been possible since 2010, with a range of techniques from Bluetooth bugs to app malware used to gain access.

The pair said that connecting the dots between remotely accessing a vehicle’s software and hacking those same systems isn’t difficult.

Valasek and Miller hope that their research will alert the car industry to the dangers of on-board electronics. "We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars,” Miller told the BBC.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in