Hackers release tools used to control Ford and Toyota cars

By on
Hackers release tools used to control Ford and Toyota cars

The two researchers who demonstrated on Friday in Las Vegas how to compromise a car's internal network to perform acts such as controlling the steering wheel or the brakes have made their work publicly available.

Three days after their DefCon talk, Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at services firm IOActive, on Monday released a white paper (PDF) describing their research, as well the data, tools and code used in their exploits.

"We hope that these items will help others get involved in automotive security research," Valasek wrote in a blog post. "The paper is pretty refined but the tools are a snapshot of what we had.

The pair tested on a 2010 Ford Escape and 2010 Toyota Prius. Both car manufacturers received the documents several weeks before DefCon.

"If the only thing that keeps our cars safe is that no one bothers to do this kind of research, then they're not really secure," Miller told IDG News Service. "I think it's better to lay it all out, find the problems and start talking about them."

Their talk, "Adventures in Automotive Networks and Control Units," discussed findings involving controller area networks (CAN) and automobile firmware. CAN is a protocol that enables electronic systems in cars to speak to each other without the need for a centralized computer.

Toyota and Ford reportedly have responded to say they were more concerned with remote hacking and that Miller and Valasek's research required direct access to the automobile, something that would be visible to an in-real-life victim. 

Miller and Valasek responded that researchers a few years ago already accomplished remote infiltration. The purpose of their work was to learn how far one can go with direct access. In addition, they said that dashboard removal was not necessary.

Meanwhile in the U.K., a British judge has barred researchers from publishing an academic paper on security weaknesses impacting luxury cars.

University of Birmingham researcher Flavio Garcia and two Stichting Katholieke Universiteit researchers, Baris Ege and Roel Verdult, discovered how to crack the algorithm of a system called “Megamos Crypto,” which is used to validate an owner's ignition key in cars like Lamborghinis, Porsches, Audis and Bentleys.

According to The Guardian, the researchers, who refused to edit portions of the paper (which had been online since 2009), planned to publish the findings next month at the USENIX Security Symposium in Washington, D.C.

The judge said that releasing the academic paper could result in the widescale theft of vehicles. The university said it will honor the judge's ruling.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

What will be your biggest business challenge for 2020?
Slow economic growth and its impact on customers
Transitioning to an MSP model
Finding and retaining skilled staff
Finding time to work ON the business as well as IN it
No challenge: 2020 will be non-stop unicorns, rainbows and fun!
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?