TribLIVE

| Business

 
Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Computer experts hack cars, exposing vulnerabilities

Email Newsletters

Click here to sign up for one of our email newsletters.

On the Grid

From the shale fields to the cooling towers, Trib Total Media covers the energy industry in Western Pennsylvania and beyond. For the latest news and views on gas, coal, electricity and more, check out On the Grid today.

'American Coyotes' Series

Traveling by Jeep, boat and foot, Tribune-Review investigative reporter Carl Prine and photojournalist Justin Merriman covered nearly 2,000 miles over two months along the border with Mexico to report on coyotes — the human traffickers who bring illegal immigrants into the United States. Most are Americans working for money and/or drugs. This series reports how their operations have a major impact on life for residents and the environment along the border — and beyond.

By The Associated Press
Wednesday, Sept. 4, 2013, 12:01 a.m.
 

DETROIT — As cars become more like PCs on wheels, what's to stop a hacker from taking over yours?

In recent demonstrations, hackers have shown they can slam a car's brakes at freeway speeds, jerk the steering wheel and even shut down the engine — all from their laptops.

The hackers are publicizing their work to reveal vulnerabilities in a growing number of car computers. All cars and trucks contain anywhere from 20 to 70 computers. They control everything from the brakes to acceleration to the windows, and are connected to an internal network. A few hackers have recently managed to find their way into these intricate networks.

In one case, a pair manipulated two cars by plugging a laptop into a port beneath the dashboard where mechanics connect their computers to search for problems. Scarier yet, another group took control of a car's computers through cellular and Bluetooth connections, the compact disc player and even the tire pressure monitoring system.

To be sure, the “hackers” involved were well-intentioned computer security experts, and it took both groups months to break into the computers. And there have been no real-world cases of a hacker remotely taking over a car. But experts say high-tech hijackings will get easier as automakers give them full Internet access and add computer-controlled safety devices that take over driving duties, such as braking or steering, in emergencies. Another possibility: A tech-savvy thief could unlock the doors and drive off with your vehicle.

“The more technology they add to the vehicle, the more opportunities there are for that to be abused for nefarious purposes,” says Rich Mogull, CEO of Phoenix-based Securosis, a security research firm. “Anything with a computer chip in it is vulnerable, history keeps showing us.”

In the past 25 years, automakers have gradually computerized functions such as steering, braking, accelerating and shifting. Electronic gas pedal position sensors, for instance, are more reliable than the old throttle cables. Electronic parts also reduce weight and help cars use less gasoline.

The networks of little computers inside today's cars are fertile ground for hackers.

Charlie Miller, a St. Louis-based security engineer for Twitter, and fellow hacker Chris Valasek, director of intelligence at a Pittsburgh computer security consulting firm, maneuvered their way into the computer systems of a 2010 Toyota Prius and 2010 Ford Escape through a port used by mechanics.

“We could control steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, gas gauge,” Valasek said. The two used a federal grant to expose the vulnerability of car computers. Even with their expertise, it took them nine months to get in.

Valasek and Miller released a report, including instructions on how to break into the cars' networks, at a hacker convention in August. They said they did so to draw attention to the problems and get automakers to fix them. The pair say automakers haven't added security to the ports.

Ford wouldn't comment other than a statement saying it takes security seriously, and that Miller and Valasek needed physical access to the cars to hack them.

Toyota said it has added security and continually tests to stay ahead of hackers. The company said its computers are programmed to recognize and reject rogue commands.

Subscribe today! Click here for our subscription offers.

 

 


Show commenting policy

Most-Read Business Headlines

  1. U.S. Steel to debut oil, gas pipeline connector
  2. Alcoa among 13 firms in $140B carbon-footprint pledge
  3. Ambridge’s PittMoss takes off with help from TV show, Mt. Lebanon native Cuban
  4. Federal safety regulators go into bulldog mode on how automakers handle recalls
  5. Israel’s Teva drops bid for Mylan, buys Allergan for $40.5B
  6. Wabtec moves to buy France-based transport company
  7. Pitt to start Energy Law and Policy Institute
  8. Plummeting natural gas prices slash revenue of Marcellus shale producers
  9. Urban rentals pit old vs. young
  10. Opulent listings get high-end treatment
  11. Muni bond funds stressed