Figure 1. Smart car systems
knew if it was just that one car, or all
models, all cars.
In September 2012, Charlie and
Chris got a DARPA Cyper Fast Track
grant that gave them enough money
to buy a car. They decided they
wanted a car with automatic parking
since then the steering would have
to be controllable, too. And it had to
be cheap. They got a Toyota Prius.
Apparently it was the easiest sale
ever for the dealership, since they
didn't care about the color or the
options. Provided it had automatic
parking, they would take it.
They rapidly discovered how to
control the car once plugged into
the OBD-II port. They could control
the brakes, the windscreen wipers,
the radio, and so on. Once again,
nobody was impressed since they
had physical access to the vehicle.
It seemed that they would have to
repeat everything.
The Jeep
So this time, it was the Jeep. The
short version of the story is that
they discovered how to remotely
compromise the vehicle, Wired
magazine published the article,
and a few days later Fiat Chrysler
recalled 1.4 million vehicles at a cost
of perhaps $14B.
But a lot of good came out of this
since they released everything: the
vulnerabilities, their code, and so
on. Automotive hacking doesn't
scale if it is just the two of them.
The academic researchers published
stuff without details, and were
largely ignored. Charlie and Chris
told Chrysler that they would publish
in nine months, and as far as they
could see, Chrysler did nothing.
But once the Wired article came
out, the recall happened within a
week. Clearly, publishing everything
was the approach that got people
protected the quickest.
At this point, they could control a
lot of the vehicle but only if it was
moving slowly. There were interlocks
in the car to stop, for example,
trying to automatically park the car
when going 50mph on the freeway.
But then they got to the stage where
they could control the vehicle at any
speed.
electronic features aka
targets
How does this happen? It came
about historically. Lots of electrical
stuff got added to cars. Eventually,
the weight of the wiring harness was
a big issue (it affects both cost and
fuel economy) and the automotive
industry came up with CAN bus, a
network. It had no security since
it was only used for trusted things
talking to trusted things. Then cars
started to get connectivity to the
New-Tech Magazine Europe l 41