A pair of security experts have demonstrated that by using a laptop, an old game controller and some software, it’s possible to tap into the onboard computer chip in some modern cars and take control of them.
Hacking into the onboard computer of a car in order to control it sounds like something you’d see in a bad action movie. As it turns out though, it’s quite possible to do in real life, as two security experts have demonstrated to the BBC. Using only a laptop, some software and an NES controller, Charlie Miller and Chris Valasek were able to commandeer a car, making it do as they pleased regardless of what the driver was doing.
The hack requires a physical device to be connected to the car’s electronic control unit through the diagnostics port, as well as custom software written by Miller and Valasek. When they hooked up to their test vehicles, a 2010 Ford Escape and Toyota Prius, the software then gave them complete control of steering, acceleration, breaking and even the horn. Gauges can be overridden too, including the speedometer and fuel gauge. Perhaps most frightening of all is that the software completely overrides the driver’s input.
Toyota commented on the hack, saying it wasn’t a hack since you have to be physically connected to the car, and that it wasn’t really a security concern, for the same reason. “The presence of a laptop or other device connected to the [diagnostics port] would be apparent,” said a spokesperson. Toyota cars do have a firewall onboard to shield against wireless hacking attempts however, and Toyota was quick to defend the firewall’s ability to ward off remote attacks.
I wonder if the Konami code does anything
Miller and Valasek say that Toyota is missing the point of their experiment. Rather than demonstrate a way to commandeer cars, they wish to highlight a serious problem with the vehicles: The software doesn’t seem to care where commands are coming from.