New-Tech Europe | Dec 2016 | Digital Edition

Previous Page

Next Page

Page Background

Charlie Miller gave a keynote at ARM

TechCon on automotive security. He

is regarded as one of the world's

most proficient hacker, although he

is one of the good guys (a white hat

in security parlance). He has a PhD,

worked for the NSA, and is currently

the senior security engineer at

Uber. He works alongside Chris

Valasek. You probably don't know

their names, but you may know

of their work. They were the two

engineers who took control of a

Wired journalist's Jeep, memorably

reported as Hackers Remotely Kill a

Jeep on the Highway—With Me in It.

Or watch the video:

Car Hacking History

Charlie said that car hacking started

around 2010. Some academic

researchers from University of

Washington and UCSD plugged a

device into the federally mandated

on-board diagnostic port (OBD-II

port) and could control the brakes,

the windscreen wipers, and so on.

They published their results under

the catchy title Experimental Security

Analysis of a Modern Automobile.

This was not well received by either

academia nor the car companies,

who all pointed out that if you have

physical access to the car (which

you need to plug something into

the OBD port) then of course you

can do bad stuff. You could cut the

brake lines, too.

So they took on that challenge.

The next year, they produced

another paper, even more catchily

titled Comprehensive Experimental

Analysis of Automotive Attack

Surfaces. This time they attacked

remotely and showed three ways to

do it. The first involved Bluetooth

(so was remote, but you had to be

nearby), one was using a CD with a

malicious MP3 track, and the most

important was through OnStar. They

could dial in from anywhere and

take control. They could dial up the

cellular modem in the car with a real

phone, get the audio modulation

tones, and then provide their own

data. Charlies said it was "right out

of an 80s TV show."

Charlie and Chris Get

Interested

Charlie started to get interested in

this. The academics had basically

done everything but not given any

technical details about what bugs

they were exploiting, or even what

kind of car it was (a Malibu). Nobody

Automotive Security: A Hacker's Eye View

Paul McLellan, Cadence

40 l New-Tech Magazine Europe