Vehicles Hacked Through Text Messages
As per reported by Engadget, the researchers from the University of California at San Diego claim to have a technique by which they can wirelessly hack into thousands of vehicles. By sending SMS messages to a dongle, a 2-inch device that plugs into the dashboards of many cars and trucks, used to track speed and location, researchers are able to send commands to a vehicle’s CAN bus-the system that controls a vehicle’s physical driving components. They can access a vehicle’s windshield wipers, turn signals, and even the brake system.
The project is headed by UCSD computer security professor Stefan Savage. He said,
We acquired some of these things, reverse-engineered them, and, along the way, found that they had a whole bunch of security deficiencies.
The results, “provide multiple ways to remotely…control just about anything on the vehicle they were connected to,” said Savage.
The above video shows the researchers demonstrating their capabilities on a 2013 Corvette. Standing in sight of the car, with just their phone, they were able to access the windshield wipers, as well as the brake system. The researchers admitted that accessing the brakes only worked at low speeds due to the computer functions of the Corvette but added that they can target nearly any other vehicle that uses the technology and manipulate almost any system within that vehicle.
The dongle the researchers accessed is the OBD2 dongle, built by Mobile Devices and distributed by San Francisco-based insurance startup Metromile. They give the dongle to customers to track cars and monitor distance traveled.
The UCSD research team contacted Metromile in June about having been able to access vehicles using the dongle, and Metromile CEO Dan Preston responded.
“We took this very seriously as soon as we found out. Patches have been sent to all the devices.”
Preston said Metromile transmitted the security update, created by Mobile Devices, over the air to its customers.
Mobile Devices didn’t go into detail about the security update, and the UCSD researchers say they haven’t fully examined it, either. UCSD researcher Karl Koscher warns people to be wary of what they plug into their car. “It’s hard for the regular consumer to know that their device is trustworthy or not, but it’s something they should give a moment’s thought to. Is this exposing me to more risk?”
Federal agencies with a fleet of more than twenty vehicles are required to use telematics systems. That could mean this vulnerability is more than just a consumer issue.
Professor Savage agrees:
“Given that we’ve seen a complete remote exploit and these things aren’t regulated in any way and their use is growing…I think…yes, there will be problems elsewhere.”
Image from Darren Brode / Shutterstock.