
IN THE early hours of 18 June, a Mercedes coup茅 travelling at extremely high speed along a Los Angeles street smashed into a palm tree. It , killing the driver; the impact ejected the engine 50 metres clear of the car. Was it an accident? Or was the car hacked, allowing it to be driven off the road by remote control?
The very idea might sound crazy 鈥 but it鈥檚 one that Richard Clarke, a former counterterrorism adviser to the US National Security Council, has raised after the driver was identified as Rolling Stone journalist Michael Hastings. on the US military and its intelligence agencies, Hastings had emailed colleagues the day before he died to say that he was going 鈥渙ff the radar for a bit鈥 to chase down a 鈥渂ig story鈥.
鈥淲hat evidence is available publicly is consistent with a car cyberattack,鈥 says Clarke in a . Intelligence agencies, he says, can remotely seize control of a car to make it accelerate wildly or brake suddenly, for instance.
Advertisement
Clarke cited research, carried out for the US National Academy of Sciences, showing that 鈥渃onnected cars鈥 鈥 equipped with built-in cellular technology used by dashboard apps and engine-monitoring software 鈥 can be hacked remotely. But proof that it could be done in practice has been lacking.
That looks set to change on 27 July, when Spanish engineers Javier V谩zquez Vidal and Alberto Garcia Illera will give a demonstration at the security conference in Las Vegas, Nevada. They have built a $25 device that lets them bypass security in a car鈥檚 electronic control unit.
The brains of a modern car, the ECU is a computer that controls engine power, transmission and braking. Mechanics can diagnose faults by plugging a laptop into it via standard wired connectors such as the CAN bus. Alternatively, remote diagnostics and software updates can take place over a cellular network, as happens with services such as General Motors鈥 and Mercedes-Benz鈥檚 .
V谩zquez Vidal and Garcia Illera will show how their device 鈥 which they claim uses a $1 chip to break encryption 鈥 can read from and write data to the flash memory of commonly used ECUs, made by Bosch of Germany. In this way, they can get more horsepower out of a car, or tell it to burn less fuel. 鈥淎nd it would take no time to gain total control over a vehicle 鈥 deploying an airbag, activating the brakes, or immobilising a car at any moment,鈥 says V谩zquez Vidal.
聯The device uses a $1 chip to break encryption, and can write to the memory of a car鈥檚 engine control unit聰
How they have done this is unclear. 鈥淢y best guess is that they have managed to put the ECU into an unencrypted test state, possibly by playing around with power-up sequences,鈥 says Peter Highton, a senior engineer with Freescale Semiconductor in Aylesbury, UK, which makes ECU microchips for racing cars as well as ordinary vehicles.
For security, connected cars should use encryption, but Highton says carmakers are only just coming to terms with it. 鈥淯ntil as recently as five years ago, data on the CAN bus of most cars was unencrypted, and so could be intercepted and altered.鈥
Whatever the causes of Michael Hastings鈥檚 crash, the need to make cars secure against hacking will only become more acute. The next version of V谩zquez Vidal and Garcia Illera鈥檚 device won鈥檛 even need plugging in to the target car. 鈥淚 am already working on a wireless version,鈥 V谩zquez Vidal says.
This article will appear in print under the headline 鈥淣ow it鈥檚 Grand Hack Auto鈥