New-Tech Europe | December 2016 | Didital Edition

Automotive Security: A Hacker's Eye View

Paul McLellan, Cadence

remotely and showed three ways to do it. The first involved Bluetooth (so was remote, but you had to be nearby), one was using a CD with a malicious MP3 track, and the most important was through OnStar. They could dial in from anywhere and take control. They could dial up the cellular modem in the car with a real phone, get the audio modulation tones, and then provide their own data. Charlies said it was "right out of an 80s TV show." Charlie and Chris Get Interested Charlie started to get interested in this. The academics had basically done everything but not given any technical details about what bugs they were exploiting, or even what kind of car it was (a Malibu). Nobody

Washington and UCSD plugged a device into the federally mandated on-board diagnostic port (OBD-II port) and could control the brakes, the windscreen wipers, and so on. They published their results under the catchy title Experimental Security Analysis of a Modern Automobile. This was not well received by either academia nor the car companies, who all pointed out that if you have physical access to the car (which you need to plug something into the OBD port) then of course you can do bad stuff. You could cut the brake lines, too. So they took on that challenge. The next year, they produced another paper, even more catchily titled Comprehensive Experimental Analysis of Automotive Attack Surfaces. This time they attacked

Charlie Miller gave a keynote at ARM TechCon on automotive security. He is regarded as one of the world's most proficient hacker, although he is one of the good guys (a white hat in security parlance). He has a PhD, worked for the NSA, and is currently the senior security engineer at Uber. He works alongside Chris Valasek. You probably don't know their names, but you may know of their work. They were the two engineers who took control of a Wired journalist's Jeep, memorably reported as Hackers Remotely Kill a Jeep on the Highway—With Me in It. Or watch the video: Car Hacking History Charlie said that car hacking started around 2010. Some academic researchers from University of

40 l New-Tech Magazine Europe