Auto makers over the years have paid less attention to the threat that hackers can attack their trucks and car systems. This is based on their argument that their vehicles have increasingly networked systems which are protected through varlet wireless intrusion. Well two researchers have a different thought as they are planning to demonstrate that how two minutes in a car with a small device can enable them to gain wireless control over it.
Two Spanish security researchers are planning to come up with a demonstration at a security conference in Singapore, where they will demonstrate how a small device that they have built can enable them to gain wireless access over some trucks and cars.
The device only costs about 20 dollars and it can be connected to the internal network of the car for the purpose of injecting malicious commands. These commands will effect a lot of functions of the car i.e. headlight functions, brakes functions and steering functions.
The size of this gadget is about 1/3 of the size of an Apple iPhone. The device attaches four wires to the CAN bus of a networked vehicle and draws power from the electronic system of the vehicle. It then waits to relay the wireless commands that come from remotely from the attacker’s computer. The gadget has been named as the CAN hacking tool. This small sized device could hack a car,lets see how researchers demonstrate in the following video.
“It can take five minutes or less to hook it up and then walk away,” says Vazquez Vidal, who works as a automobile IT security consultant in Germany. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”
Vazquez Vidal which is one of the researchers behind this tool is of the view that the type of commands which can be injected through the device depends on the car’s model. They have tested their device for 4 different models of vehicles under 4 different unnamed companies.
These tests included simple mischiefs in the form of switching off the headlights, turning on the alarm, rolling of the widows, and also included access to the emergency brake system and the anti-locking brake system. The researchers have also told that some of the cars required access to the trunk of the car for injecting the device, while others could be controlled by simply crawling under them and planting the device.
The device till now can only operate through a Bluetooth. The limits the range from where the attack can be made i.e. only a few feet. But the researchers say that before they give demonstration at Singapore, they will upgrade the device so that it can be
operated through GSM cellular radio. This would enable them to conduct their attacks from miles away.
Vazquez Vidal said that all the components that have been used in making the device are simple and easily available. The device is though untraceable, it will not provide evidence regarding its planter in case it is traced.
This work carried out by Spanish workers will add a lot of focus towards the fact that networked automobiles are prone to attacks from hackers.
Well this has raised a lot of security concerns because of the fact that many high-profiled or most of the high-profiled people use networked automobiles. It may be for this reason that Senator Edward Markey has sent a letter to 20 different automobile makers, in which he has asked them to provide details of their security practices.
Well Toyota has brushed off this device by pointing towards the aspect that this device requires physical access to the car for the purpose of carrying out the hacking. They say that they are more focused towards prevention of such hacking activities from some remote and wireless device that is not needed to be planted in the car.
Source : Hackread