Previous Page  41 / 84 Next Page
Information
Show Menu
Previous Page 41 / 84 Next Page
Page Background

Figure 1. Smart car systems

knew if it was just that one car, or all

models, all cars.

In September 2012, Charlie and

Chris got a DARPA Cyper Fast Track

grant that gave them enough money

to buy a car. They decided they

wanted a car with automatic parking

since then the steering would have

to be controllable, too. And it had to

be cheap. They got a Toyota Prius.

Apparently it was the easiest sale

ever for the dealership, since they

didn't care about the color or the

options. Provided it had automatic

parking, they would take it.

They rapidly discovered how to

control the car once plugged into

the OBD-II port. They could control

the brakes, the windscreen wipers,

the radio, and so on. Once again,

nobody was impressed since they

had physical access to the vehicle.

It seemed that they would have to

repeat everything.

The Jeep

So this time, it was the Jeep. The

short version of the story is that

they discovered how to remotely

compromise the vehicle, Wired

magazine published the article,

and a few days later Fiat Chrysler

recalled 1.4 million vehicles at a cost

of perhaps $14B.

But a lot of good came out of this

since they released everything: the

vulnerabilities, their code, and so

on. Automotive hacking doesn't

scale if it is just the two of them.

The academic researchers published

stuff without details, and were

largely ignored. Charlie and Chris

told Chrysler that they would publish

in nine months, and as far as they

could see, Chrysler did nothing.

But once the Wired article came

out, the recall happened within a

week. Clearly, publishing everything

was the approach that got people

protected the quickest.

At this point, they could control a

lot of the vehicle but only if it was

moving slowly. There were interlocks

in the car to stop, for example,

trying to automatically park the car

when going 50mph on the freeway.

But then they got to the stage where

they could control the vehicle at any

speed.

electronic features aka

targets

How does this happen? It came

about historically. Lots of electrical

stuff got added to cars. Eventually,

the weight of the wiring harness was

a big issue (it affects both cost and

fuel economy) and the automotive

industry came up with CAN bus, a

network. It had no security since

it was only used for trusted things

talking to trusted things. Then cars

started to get connectivity to the

New-Tech Magazine Europe l 41

1 36 37 38 39 40 41 42 43 44 45 46 47 84  FlippingBook