Cars Hacked Via MP3's

It's not just your computer that's at risk of malware - dodgy MP3s can now take over your car. Last year, a team of researchers at the US Center for Automotive Embedded Systems Security revealed how automobile computer systems could be hacked via the On-Board Diagnostics (OBD-II) port, an access point typically used by engineers to download data on the vehicle's health. Through this, they were able to hijack the car, allowing the researchers to disable the brakes, turn the engine on and off, and control electrical systems such as the odometer, lights, climate control, radio and locks.

Building on this, a team of security experts from the University of California, San Diego, and the University of Washington, led by Professor Stefan Savage, have now identified a variety of weak points through which hackers can gain access to a vehicle's computer systems remotely.

In one example, cellphone hardware installed in luxury cars was attacked, allowing the team to inject malicious code into the car's electronic controls. In theory, hackers could then sell the car to a thief, giving them its location and unlocking it remotely. The team also managed to take control of the car using a Trojan app on a phone that used an Android operating system and had been paired with the car's Bluetooth system.

Another weak point identified was the stereo system, often integrated into other electronic systems such as climate control and GPS. The researchers were able to show that software embedded in an MP3 file could install itself into the car's firmware, enabling similar exploits to those above. If the car had a self-parking system, it could in theory be driven away by the hacker.

The as-yet-unpublished research was presented to the National Academy of Sciences Committee on Electronic Vehicle Controls and Unintended Acceleration, established to investigate the safety and security of automobile electronics following the large-scale recall of malfunctioning cars in 2010.

Source

Opportunity for TPBT?

reply to post by Serizawa

Yeah. Last point. I was thinking bluetooth and Lady Di.

reply to post by sirjunlegun


I don't think it had anything to do with her death as her car cannot even be compared technologically to the cars we have now. As for bluetooth there's always a possibility, The cars tire sensors may also be used to hack.

reply to post by Serizawa



More specific, I meant it would be easy to do a modern hit that way! That is crazy.

Seems a little hyped to me.

While some systems - like onboard navigation and blue-tooth could be connected, reasonably - it would make no sense for that to be integrated into the same systems that control things such as the engine, brakes, etc. Though, I look at it from the perspective of how I would design a vehicle's electronics system... and my perspective tends to be a bit less shoddy.

In either case - it doesn't sound like a very practical threat. There's a lot of key hurdles that must be overcome before you can even begin to try and 'hack' a car. The hacking process, itself, would be entirely dependent upon the make and model of the car - and even the operating system of any phones used to try and do the same.

A lot of stars have to align for a hacker to be successful. The payoff is also rather low for such a long and patient wait. Seems more of a gimicky thing, to me. Though any efforts made to improve the security of electronic systems are generally welcome.