Home » Topics » Cybersecurity » Another blow for connected cars? Hackers bring a Corvette car to a stop via text message

Another blow for connected cars? Hackers bring a Corvette car to a stop via text message

Avatar photoby Ben Rossi

Hackers have demonstrated that a device used to track your driving habits can be used to remotely take over your car via text message.

The hackers, Ian Foster and Andrew Prudhomme from the University of California, SanDiego, showed in a video how they are able to turn on the windscreen wipers and apply the brakes on a Corvette, using only a mobile phone.

> See also: Are we ready for driverless cars?

Their point of entry was a telemetics control unit – a palm-sized dongle that plugs into a car's standard onboard diagnostic port to monitor data including speed, distance and braking, sending the information back to insurance companies.

'We show that these devices can be discovered, targeted and compromised by a remote attacker,' said the researchers in their paper, 'and we demonstrate that such a compromise allows arbitrary remote control of the vehicle. This problem is particularly challenging because, since this is aftermarket equipment, it cannot be well addressed by automobile manufacturers themselves.'

The future of M2M technology depends on the ability to secure it. But recently the news has been filled with stories of connected cars being compromised. A hack of a Jeep via its in-dash entertainment system led to Fiat Chrysker recalling 1.4 million vehicles for emergency software updates. And at DEF CON last week, hackers successfully issued a 'kill' command to a Tesla Model S electric car, shutting down its vehicle's systems and bringing it to a stop.

> See also: Connected cars are the future, but how far along the road are we?

Ken Westin, Senior Security Analyst at Tripwire explains how and why this is possible: 'One of the trends I am seeing in automotive system vulnerabilities is that many of these systems are using networks and protocols designed for cellular and IP networks; these tools were designed to facilitate human to human interaction. When these networks and protocols are repurposed for machine to machine communication, they become vulnerable to a variety of different threat models.'

When a cell phone is compromised there is a potential for data to be compromised, which is an inconvenience.

However, says Westin, 'when machine to machine communications over cellular or IP networks are compromised it leads to a kinetic attack that could result in serious injury or even loss of life.'

Watch below to see how the how the hackers took control of a Corvette in less than 60 seconds:

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Connected Car

Related Stories

Cybersecurity

Cutting the cord: Can Air-Gapping protect your data?

Isolating hardware from the internet deters hackers, but at a huge cost. Charles Orton-Jones investigates the tactic of Air-Gapping

Cybersecurity

Can NIS2 and DORA improve firms’ cybersecurity?

Daniel Lattimer, Area VP at Semperis, explores NIS2 and DORA to see how they compare to more prescriptive compliance models

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks