AfterDawn: Tech news

White hat hackers to release software used to crack critical car systems at Def Con

Written by Andre Yoskowitz @ 28 Jul 2013 5:40 User comments (11)

White hat hackers to release software used to crack critical car systems at Def Con Two white hat hackers, Charlie Miller and Chris Valasek, will publish a 100-page white paper on attacking the critical systems of two major cars at next week's Defcon convention.
Miller and Valasek were given a grant by the U.S. government to research and uncover software vulnerabilities in the Ford Escape and Toyota Prius.

The pair will also release the software they built for hacking the cars at the convention.

Through their research (via Reuters), the pair were able to find ways to "force a Toyota Prius to brake suddenly at 80 miles an hour, jerk its steering wheel, or accelerate the engine." They can also "disable the brakes of a Ford Escape traveling at very slow speeds, so that the car keeps moving no matter how hard the driver presses the pedal." In the wrong hands, both exploits can certainly be fatal, although the white hats will not be releasing any information on how to do these attacks remotely, meaning you will have to be in the vehicle and connected directly to the car's system for the attack.



Valasek, director of security intelligence at consulting firm IOActive, is well known for finding bugs in Microsoft's software, namely Windows. Miller is well known for his hacking of Apple's iOS App Store.

While the new work may not be a worry to the auto industry, if the attacks can be performed remotely, it would be disastrous. In 2011, a group of white hats and academics found ways to infect cars using Bluetooth and wireless networks but none of their work, or even the name or make of the car they hacked, were ever released.

Previous Next  

11 user comments

128.7.2013 18:36

Another good reason why I tend to stay 10 steps behind the latest technology.

228.7.2013 18:49

Most women don't know the difference between the brake and gas peddle anyways .

329.7.2013 00:05

all i have to say is d**N 80 miles wow talk about whip lash

429.7.2013 01:38

If you have to be in the vehicle to do these things it isn't really new. Almost all modern vehicles have electronically controlled throttles and ABS systems with programmable computer controls...that covers disabling the brakes and accelerating without the gas pedal. The Prius (as well as numerous other vehicles) also have steer by wire...making it quite easy to cause the wheel to turn by itself. Actually, the Prius is drive by wire for everything; you have no choice but to do brake by wire when you have electronic brakes and I guess they just threw in steer by wire for good measure. Hackers have been using all of these methods to make self-driving Prius cars for a while now (instead of disabling the brakes they activate them without the pedal). I'm not saying there is nothing to worry about...only that there is nothing NEW to worry about.

Oh, and not all women are bad drivers...about 50% of the terrible drivers I see on the road are men...and that means that only 98% of women are bad drivers. 99.99% of Prius owners are bad drivers...but that is just because they are the kind of people who don't like to do things related to driving, such as paying attention to the road or doing basic research on the car they are about to buy (otherwise they wouldn't have bought such an awful car when it costs more than a used Ferrari and does more environmental damage than a Hummer). I leave the 0.01% as technically cars on a sales lot belong to the owner of the lot, who may be a decent driver.

529.7.2013 05:01

@ killerbug
depends on definition of a good driver.ive been told i drive too slow and too caution but ive held a licence for 9years and never had an accident,never had any driving offences either.

629.7.2013 08:47

The hack can work remotely, they are just not going to be releasing how: so why release it at all? It's not like there are not other adept programmers that could figure a way out to use it remotely.

Makes ya wonder if more cars get manufactured like the Tesla, pure electric with computerized dash/tablet controls: how long will it take before they remotely hack that system to get full control over the vehicle.

This message has been edited since its posting. Latest edit was made on 29 Jul 2013 @ 8:48

729.7.2013 10:26

The rumours are that this was how Michael Hastings was murdered.

829.7.2013 12:38

Quote:
Miller and Valasek were given a grant by the U.S. government to research and uncover software vulnerabilities in the Ford Escape and Toyota Prius.

Uh, what I'm surprised by is why nobody is curious why the U.S. government wants to know how to do this. Isn't anyone disturbed by that at all or just me? Why would they fund a grant for research into doing something like this. So they can kill people that speak up? cover up assassinations as car accidents?

929.7.2013 14:59

Quote:
Uh, what I'm surprised by is why nobody is curious why the U.S. government wants to know how to do this. Isn't anyone disturbed by that at all or just me? Why would they fund a grant for research into doing something like this. So they can kill people that speak up? cover up assassinations as car accidents?
Now that raises a very interesting point, especially with the recent uncovering of PRISM. Essentially they would be able to lock onto a vehicle via GPS and disable the car, maybe not so much to cause an accident so much as to stop criminals from getting away. Still in the wrong hands, a very dangerous tool: in the right hands (and I not saying that's the US government) it could prove practical for security.

1029.7.2013 16:09

@Interestx
True. The U.S. Govt. is the only suspect for now for remotely assassinate him, with out living traces. And is the way to silence other journalist who want to expose the real truth about corruption on the government and big corporations.

@Mysttic
Actually I was thinking on how this power tripping illuminate trash corporations can hurt Tesla buy remotely creating accidents in order to bring down this company. Thanks God is now a corporations; but still is a war going on between the mafia car makers who been dominated for so long the market in co-relation with the oil corporations to keep sucking people money & no trying to make more gas economic cars, etc. Just saying.

Other car hacking news:
http://cir.ca/story/scientist-uncovers-luxury-car-security-codes

This message has been edited since its posting. Latest edit was made on 29 Jul 2013 @ 5:34

1129.7.2013 20:19

Originally posted by xboxdvl2:
@ killerbug
depends on definition of a good driver.ive been told i drive too slow and too caution but ive held a licence for 9years and never had an accident,never had any driving offences either.
I've been told that I drive like an asian driver considering I am asian. I've been licensed for 13 years now, no accidents or driving offences on my record. :D

Comments have been disabled for this article.

News archive