Hackers have demonstrated that a device used to track your driving habits can be used to remotely take over your car via text message.
The hackers, Ian Foster and Andrew Prudhomme from the University of California, SanDiego, showed in a video how they are able to turn on the windscreen wipers and apply the brakes on a Corvette, using only a mobile phone.
> See also: Are we ready for driverless cars?
Their point of entry was a telemetics control unit – a palm-sized dongle that plugs into a car's standard onboard diagnostic port to monitor data including speed, distance and braking, sending the information back to insurance companies.
'We show that these devices can be discovered, targeted and compromised by a remote attacker,' said the researchers in their paper, 'and we demonstrate that such a compromise allows arbitrary remote control of the vehicle. This problem is particularly challenging because, since this is aftermarket equipment, it cannot be well addressed by automobile manufacturers themselves.'
The future of M2M technology depends on the ability to secure it. But recently the news has been filled with stories of connected cars being compromised. A hack of a Jeep via its in-dash entertainment system led to Fiat Chrysker recalling 1.4 million vehicles for emergency software updates. And at DEF CON last week, hackers successfully issued a 'kill' command to a Tesla Model S electric car, shutting down its vehicle's systems and bringing it to a stop.
Ken Westin, Senior Security Analyst at Tripwire explains how and why this is possible: 'One of the trends I am seeing in automotive system vulnerabilities is that many of these systems are using networks and protocols designed for cellular and IP networks; these tools were designed to facilitate human to human interaction. When these networks and protocols are repurposed for machine to machine communication, they become vulnerable to a variety of different threat models.'
When a cell phone is compromised there is a potential for data to be compromised, which is an inconvenience.
However, says Westin, 'when machine to machine communications over cellular or IP networks are compromised it leads to a kinetic attack that could result in serious injury or even loss of life.'
Watch below to see how the how the hackers took control of a Corvette in less than 60 seconds: