DEFCON 2015: The Realities of Car Hacking
Tech Talker continues his debrief of DEFCON 2015 with a close look at how cars get hacked.
Page 1 of 2
Last week, I talked about the hacker conference called DEFCON, which I recently attended. As my series on hacking continues, I'm going to cover some of research resulting from the conference and how it affects your everyday life.
One new topic this year at DEFCON was car hacking. The conference brought in a handful of different cars into the hotel itself all for the purpose of hackers testing the security and capabilities of each vehicle.
When most people think of hacking, the last thing that they think of is a car. This is because, for a long time, cars were pretty much immune to computers. They simply rolled down the road with steel, gasoline and oil. However, as technology got smarter and smaller, cars began to evolve, too.
The first real step cars took into the technical realm came in the form of a standard ODB connector or on-board diagnostics. You're probably somewhat familiar with this connector if you've ever had a check engine light on, the mechanic will use it to read the sensors on the car and see what error is causing the light to come on, or what needs to be repaired. This port is pretty universal and has been standard on almost every car since 1996.
Our show sponsor Automatic from last week essentially makes a wireless version of this that plugs into your car and allows you to see all of the diagnostics from your phone.
Since this connector was created, though, cars have been getting smarter and smarter. Now many cars include entertainment systems, can automatically download updates from cell networks, and can even stream Spotify or Pandora. Some even have WiFi!
This is a lot of surface area that is exposed to attackers trying to get into a car. When I say surface area, I mean that there are a lot of systems, apps, and openings that are exposed within the vehicle. The worst part is that there only needs to be one weakness for a hacker to get in. Typically, this is done through the ODB port or the entertainment system on the car, or even a USB port. From there, hackers will pivot into the main control system of the car.
Once inside the car, they are able to toggle controls, and read system information. One of the scarier attacks involves some models of Jeeps, or really any car that has a 'Uconnect' entertainment system in it. This allowed researchers to remotely access the vehicle and control a number of systems in the car, including breaks, steering wheel, radio, and a handful of other things. In the past, these types of attacks required that a hacker have direct physical access to your car. Now they can hack your vehicle from their homes or a Starbucks!