Researchers Show How a Car’s Electronics Can Be Taken Over Remotely

John Markoff|The New York Times

With a modest amount of expertise, computer hackers could gain remote access to someone’s car — just as they do to people’s personal computers — and take over the vehicle’s basic functions, including control of its engine, according to a report by computer scientists from the University of California, San Diego and the University of Washington.

Car Keys and Money

Although no such takeovers have been reported in the real world, the scientists were able to do exactly this in an experiment conducted on a car they bought for the purpose of trying to hack it. Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place.

Because many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features — like the car locks and brakes — as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data, the researchers said. They described a range of potential compromises of car security and safety.

“This report explores how hard it is to compromise a car’s computers without having any direct physical access to the car,” said Stefan Savage of the University of California, San Diego, who is one of the leaders of the research effort.

Given that the researchers were able to do it, they are now trying to pinpoint just how hard it might be for others, he said.

The car security study is one of a growing array of safety concerns that are emerging as the Internet comes in contact with almost every aspect of daily life, be it through financial systems or industrial controls. Computer security researchers have long argued that wholesale computerization and Internet connectivity of complex systems present new risks that are frequently exploited first by vandals with malicious intent.

The new report is a follow-on to similar research these experts conducted last year, which showed that cars were increasingly indistinguishable from Internet-connected computers in terms of vulnerability to outside intrusion and control. That project tried to show that the internal networks used to control systems in today’s cars are not secure in the face of a potential attacker who has physical access to the vehicle.

Their latest study was the first time that independent computer security researchers have tried to show how potential attackers could hack into a car from a remote location.

As in their first experiment, the research teams bought a car they described as a representative example of a moderately priced sedan. (They declined to identify the brand, saying that advanced telematics are rapidly becoming commonplace within the automotive industry.)

“In the case of every major manufacturer, if they do not have this capacity in their mainstream products, they’re about to,” said Tadayoshi Kohno, an assistant professor in the department of computer science and engineering at the University of Washington.

For example, services like General Motors’ OnStar system, Toyota’s Safety Connect, Lexus’s Enform, Ford’s Sync, BMW’s Assist and Mercedes Benz’s Mbrace all use a cellular connection embedded in the vehicle to provide a variety of automated and call center support services to a driver. These subscription services make it possible to track a car’s location, unlock doors remotely and control other functions.

In their remote experiment, the researchers were able to undermine the security protecting the cellular phone in the vehicle they bought and then insert malicious software. This allowed them to send commands to the car’s electronic control unit — the nerve center of a vehicle’s electronics system — which in turn made it possible to override various vehicle controls.

“These cellular channels offer many advantages for attackers,” the report said. “They can be accessed over arbitrary distance (due to the wide coverage of cellular data infrastructure) in a largely anonymous fashion, typically have relatively high bandwidth, are two-way channels (supporting interactive control and data exfiltration), and are individually addressable.”

The researchers declined to speculate about the worse situations, such as interfering with a vehicle’s control system to make it crash. However, they noted that their research showed how a next-generation car thief might operate: instead of using today’s so-called smash and grab tactics, the thief might be able to simply dial up a parked car, unlock its doors and turn on the engine, then arrive on the scene and drive off.

In addition to the cellular telephone vulnerability, the report details similar weaknesses in other systems that allow remote access, including short range wireless networks like Bluetooth, network ports used for car maintenance and even internal CD players.

The researchers noted that their report was about potential vulnerabilities and said there was no evidence that the safety loopholes they discovered had been used by criminals. They also said they believed that the automotive industry was treating the threats responsibly and working to improve the security of modern automobiles.

“Everyone has taken this extremely seriously,” said Dr. Savage.