A University of California at San Diego research team has released a video showing how they could hack thousands of vehicles through a small device which many plug into their car.
The device is called the On-Board Diagnostic Port, or OBD2. It gives vehicle owners knowledge of various diagnostics within the car. Many insurance companies and trucking firms use them in order to monitor a vehicle’s location, speed, and efficiency.
But University of California researchers discovered that these devices contain numerous security vulnerabilities. Stefan Savage, the computer security professor who led this project, told Wired.com that these devices “provide multiple ways to remotely…control just about anything on the vehicle they were connected to.”
In a video released entitled “Fast and Vulnerable”, the researchers showed just how much they could control using a 2013 Chevrolet Corvette. The team started off by manipulating the windshield wipers, but then remotely activated and cut off the car’s brakes. When they cut the car’s brakes, the driver said that “it does not react to any pressure.”
The particular OBD2s used by this research team are manufactured by French manufacturer Mobile Devices and distributed by insurance company Metromile. The research team contacted Metromile about this problem back in June, and Metromile states that this vulnerability has already been patched.
But that does not mean that this problem is over. The research team noted that while this particular OBD may be secure from Internet hackers, others may not.
The team has also stressed that this hack is not limited to the 2013 Chevrolet Corvette or General Motors vehicles. Any modern vehicle which uses a third-party OBD2 device is at risk.
In fact, other vehicles may be even more at risk. The research team was not able to use the OBD2 to cut the Corvette’s brakes at high speeds, but other vehicles may not have that safety restriction. UCSD researcher Karl Koscher said that “If you put this into a Prius, there are libraries of attacks ready to use online.”
The researchers and car companies like General Motors have stressed in the aftermath of these revelations that drivers should be careful using third-party devices in their OBD2 ports. But these incidents continue to emphasize worries about how hackers could remotely shut down your vehicle.
