Hackers figuring out cars now

With new tech comes new issues, this was only a matter of time....
A team of university researchers has been able to hack into a car's warning systems via wireless sensors, sending fake tire pressure messages at highway speeds and eventually frying an onboard computer. The dawn of the carhacker approaches.

We've told you before about experiments to hack into the increasingly complicated programming in modern vehicles. How complicated? A typical luxury sedan will carry three miles of wiring, scores of processors and close to 100 million lines of software code, or roughly 20 times more than used in a F-35 Joint Strike Fighter.

Those previous experiments showed what could be done with a physical connection to a vehicle's computer. The new work by teams from the University of South Carolina and Rutgers tried a different tack: spoofing the wireless sensors in wheels used by tire pressure monitoring systems, required in all new U.S. vehicles since 2008.

The researchers didn't find a wide-open door so much as the security employed by a 1920s speakeasy: once they learned the secret knock, the unidentified test car's controls let them in no questions asked. The team sent fake warning messages from 40 meters away, and in another experiment, got the test car to flash a warning that a tire had lost all pressure while beaming the signal from another car as both drove 68 mph.

Because each sensor uses a unique ID tag, it was also possible to track specific vehicles, in a way that would be far less noticeable than roadside cameras.

The hacked car usually reset its warnings after the spoofed messages stopped. But after two days of tests, the electronic control unit for the tire monitors fell off its twig and had to be replaced by a dealer. The researchers note that it took several hours of graduate-level engineering to devise their tools and crack into the monitors, but that the actual technology for doing so cost about $1,500.

The teams suggest some basic software rules could provide at least a lookout for the speakeasy door. it's not the auto equivalent of the Conficker worm, but such experiments suggest the tools for an actual hack may exist. Thankfully, many Americans already have a strong defense of ignorance: Nearly half apparently don't understand what a tire pressure warning light looks like, and a third don't even know such systems exist.

Source;
http://jalopnik.com/5610373/hackers-wirelessly-crash-cars-computer-at-highway-speeds

CarShark Software Lets You Hack Into, Control And Kill Any Car

Whoa! Yikes!
CarShark's a computer program that'll let someone hack into a car's onboard computer system to kill the brakes, disable the engine, blast music and otherwise wreak electronic havoc. It's both clever and absolutely frightening. Here's how it works.

A team of researchers led by professors at the University of Washington and USCD hacked the Controller Area Network (CAN) system installed on all new cars built in the United States to show how potentially vulnerable the system is. The CAN is supposed to allow onboard vehicle systems to communicate so problems are easier to diagnose, but the hands of these hackers it's the open door to disabling a vehicle.

The researchers connected to the car via a simple OBD-II computer port and using the CarShark program, identified the packets of information being trafficked across the CAN. For some hacks they used a process called "fuzzing" and sent random bits of code to disrupt them. This caused horns to blow, trunks to pop and even the brakes to stop functioning. There's supposed to be a failsafe override for the brakes, but jamming the ABS solenoids could lock up the brakes so they're not usable.

The most frightening attack is called "self-destruct" and essentially counts down from 60 seconds on the dash clock and then shuts off the engine and locks the door.

Don't freak out too much. It's not a simple task for someone without a degree in computer science to access the CAN and rewrite the code for a modern car, but that it's possible at all is something scientists think automakers need to consider when protecting these systems.
The full research report can be found here.

Source;
http://jalopnik.com/5539181/carshark-software-lets-you-hack-into-control-and-kill-any-car