With thousands of new cars and trucks equipped with factory-installed Wi-Fi, hackers have lots of new targets on the road. An I-Team investigation found it is already possible to use Wi-Fi to control key electronics of vehicles from long distances.
Using a Wi-Fi dongle, a small electronic gadget easily purchased online for about $10, auto hacker Craig Smith allowed the I-Team to control the headlights and windshield wipers of a Mazda parked in Seattle from a laptop computer in New York City. The dongle gave wireless access to a port underneath the steering wheel -- the same port used by mechanics to diagnose problems.
“We’re using the same signals that would normally be used by the vehicle,” Smith said. “We’re just now controlling them from the Internet.”
Smith, a paid consultant who works with automakers to find their software vulnerabilities, was able to decipher the computer code “packets,” which are basically a series of numbers and letters that work to turn on wipers and headlights.
When typed into the I-Team's laptop, the packet codes took a few seconds to travel over the Internet from New York to Seattle, and the wipers and lights turned on and off on command.
Joshua Corman, co-founder of IAmTheCavalry.org, a nonprofit that seeks to warn businesses and governments about software vulnerabilities, said the hacking demonstration replicates a potential security risk in thousands of cars of all brands -- not just Mazda.
“Software controls the brakes. It controls your lights. It can deploy your airbag. It can tighten the seatbelt,” said Corman, rattling off a list of potential electronic targets.
“The one that personally scares me the most is, now that there are parking assist features on a lot of these cars, there is a very powerful motor on the steering column,” Corman said. “It is more powerful than you are and can often be used to rip the steering wheel out of your hand while you are driving.”
In response to the cross-country hacking demonstration, Mazda spokesman Nick Beard said the company “is aware of the growing concerns related to the possibility of vehicle hacking, the ability to potentially retrieve personal information and alter the vehicle’s driving characteristics, through unauthorized electronic access.”
Beard stressed that Mazda is continually working to “improve the security of our vehicles, including our proprietary vehicle software, as we develop and incorporate even more advanced electronic features in our vehicles.”
Smith says he only hacked the Mazda because it was the first car he could get in his garage. Smith would not say what car companies he has worked for but said he had no relationship to Mazda. He says the same demonstration could apply to dozens of makes and models. Although this hack relied on a Wi-Fi dongle to relay commands from New York to the car’s central processor in Seattle, Smith says he has successfully hacked other cars without ever accessing the interior of the vehicle.
A study released this week by Sen. Ed Markey (D-Massachusetts) found only two of 16 automobile manufacturers were able to describe any capabilities to diagnose a hacker attack executed over the wireless communication systems of their vehicles or respond to it in real time.
Kathleen Fisher, a project manager for the federal Defense Advanced Research Projects Agency (DARPA), said researchers at the University of California San Diego and University of Washington had used wireless entry points to attack vehicles and take control of their electronics as early as 2012.
“These attacks involved infecting the computers in the repair shop and then having that infection spread to the car through the diagnostic port, or hacking in through the Bluetooth system, or using the telematics unit that’s normally used to provide roadside assistance,” Fisher said.
IAmTheCavalry.org has sent an open letter to the automotive industry, asking vehicle manufacturers to embrace a five-point cyber safety rubric.
But the push to secure vulnerable software goes way beyond car hacking. IAmTheCavalry.org is also urging medical device makers, public infrastructure operators, and manufacturers of home appliances to protect their software as well.
Researchers have demonstrated how Wi-Fi-connected IV pumps -- the kind found at countless hospitals -- could be attacked and instructed to deliver errant doses of insulin.
Hackers have also attacked industrial controllers -- the modules that communicate with power plants, water distribution systems and other critical infrastructure.
Hackers like Smith and Tom Parker, a professional hacker hired by petroleum and financial companies to find their software vulnerabilities, are called “white hats,” researchers who try to warn companies and governments that their software is exposed to the malicious hackers known as “black hats.”
Too often, Parker says, industrial controllers are connected directly to the Internet and thus vulnerable to attack.
“When you get up in the morning and get in your car to go to work, by the time you’ve gotten to work and sat down at your desk, you’ve literally interacted with probably several hundred of those controllers from when you turn on the tap to brush your teeth, to when you turn on the power to when you turn on your car engine,” Parker said.
Wade Newton, a spokesman for the Auto Alliance, a trade group representing 12 major automakers, said vehicle manufacturers are well aware of cyber threats to onboard electronics and are currently using “threat modeling” and simulated attacks to test their software security. Additionally, he said, the Society of Automotive Engineers, the US Council for Automotive Research, and DARPA have projects to strengthen protocols and best practices.
“Auto engineers incorporate security solutions into vehicles from the very first stages of design and production – and their security testing never stops,” Wade said.