Computer scientists and hackers challenge car security in Las Vegas
Las Vegas will be hosting a major hacking conference next month called DefCon 21, and there is interesting talk coming from it promising to reveal security shortcomings of the electronic network systems of modern cars.
The talk will be entitled Adventures in Automotive Networks and Control Units and will be presented by Twitter security engineer Charlie Miller and IOActive director of security intelligence Chris Valasek. The talk will be focused on hacking into the vehicle’s electronic control units (ECU) and show how controls can be overridden.
According to the abstract of security experts, the duo will first look at the requisite tools and software one would need in order to analyze a Controller Area Network (CAN) bus before then demonstrating the software to show how data can be read and written to the CAN bus.
After that setup, they will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering for instance.
And the pair will conclude by discussing the aspects of reading and modifying the firmware of ECUs installed in modern cars.
By hacking into a vehicle’s ECU via a diagnostics port that is meant for use by mechanics to diagnose mechanical issues, the two will be able to manipulate the steering, brakes, horn, seat belts, fuel gauge and speedometer of a Toyota Prius and Ford Escape.
The DefCon event has been going on for the past 21 years, and for the first time in its history it has asked the US federal government to stay away, considering the recent revelations in regards to the NSA spying on basically everybody’s digital communications.
In similar car hacking news, a group of scientists were prevented from releasing information about cracking an ignition key security encryption system used by many manufacturers including the Volkswagen Group.
The three scientists however argued that the public have a right to know the weaknesses insecurity while also stressing that their paper describes a complex technique requiring $83,700 worth of equipment and two days of computer processing.