Following their viral video moment two weeks ago, Charlie Miller and Chris Valasek have taken the stage in Las Vegas at Defcon 21 to reveal the tricks they used to hack into a Prius control system.
Two weeks ago, a Forbes journalist revealed his experience behind the wheel of a car that had been altered by two hackers to show his findings following a government supported investigation. His experience was a nightmare, as it shows in the video above. The two man team behind the hack took the stage at the Defcon hacking conference to reveal their tricks on Friday.
Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive, received an $80,000 grant from DARPA to research how they could hack into the computer systems, called electronic control units (ECU), used in modern cars and see what they could do once they gained access.
They were able to achieve full control of the vehicle by hooking a laptop to the ECU network and ordering the computer to perform diverse actions by injecting rogue signals into it. Among them, disabling the breaks while the car was moving, taking control of the steering wheel, accelerating, stopping the engine, yanking the seat belt, displaying fake speedometer and gauge readings, turning on and off lights, and blasting the horn.
Miller and Valasek also released their research paper explaining how they managed to take control of the car and how they kept that control even after their computer was unhooked from the ECU. They shared the report two weeks before the conference with Ford and Toyota, the manufacturers of the hacked cars (a 2010 Ford Escape and a 2010 Toyota Prius). The goal of the research was to see how far hackers could go once they have gained access to the car controlling system. It does not take into consideration if the attack is remote or local. That is why Toyota does not consider this hacking, “the company's security efforts are focused on preventing remote attacks from outside the car,” said Miller and Valesek.
Because all cars today are fully electronically controlled, the threat of them being hacked is very much possible. However, a car is not a phone or a laptop, and the amount of effort required for a very skilled hacker to gain access to anybody’s car is much higher than trying to steal credit card information. Maybe in the future, as cars become even more automated and more connected to traffic networks, this could become an issue, but for now, it is safe to say that highways are free of viruses.