David Schwen | Wheel: Getty
Hackers Charlie Miller and Chris Valasek have proven more clearly than anyone in the world how vulnerable cars are to digital attack. Now they’re proposing the first step towards a solution.
Last year the two Darpa-funded security researchers spent months cracking into a Ford Escape and a Toyota Prius, terrifying each other with tricks like slamming on the brakes or hijacking the vehicles’ steering with only digital commands sent from a laptop plugged into a standard data port under the dash. At the Black Hat security conference in Las Vegas next month, they’ll unveil a prototype device designed to foil the same unnerving tricks they’ve demonstrated: An intrusion-detection system for automobiles. “These attacks seemed serious enough that we should actually consider how to defend against them,” says Miller, who holds a day job as a security researcher for Twitter. “We actually wanted to do something to help solve this problem.”1
They built their anti-hacking device for $150 in parts: an mbed NXP micro controller and a simple board. This plugs into a jack underneath a car or truck’s dashboard known as the OBD2 port. Power it on for a minute during routine driving, and it captures the vehicle’s typical data patterns. Then switch it into detection mode to monitor for anomalies like an unusual flood of signals or a command that should be sent when the car is parked but shows up when you’re instead doing 80 on the highway.
If it spots mischief, the device puts the car into what Miller and Valasek call "limp mode," essentially shutting down its network and disabling higher-level functions like power steering and lane assist until the vehicle restarts. “You just plug it in, it learns, then it stops attacks,” says Valasek, the director of vehicle security research at security consultancy IOActive.
Miller and Valasek's gadget may raise fears about false positives that could mistakenly disable your car's computers during rush hour. But in their tests, they say it hasn't misinterpreted any innocent signals in the car's networks as attacks. That's in part, they say, because a car's digital communications are far more predictable than those of a typical computer network. "It’s just machines talking to machines," says Valasek. "In the automotive world, the traffic is so normalized that it’s very obvious when something happens that’s not supposed to happen."
That regularity in a car's base-level networking communications, they say, meant their device could reliably spot all the attacks they threw against it, as well as earlier car hacks developed by researchers at the University of California at San Diego and the University of Washington. Miller and Valasek don’t plan to sell their auto protection gadget. Instead, they only aim to demonstrate with the proof-of-concept how easy it would be for carmakers to protect vehicles from attack.
In fact, their work has already helped inspire an ongoing congressional investigation into the security practices of major auto manufacturers. After Miller and Valasek showed (In many cases with me behind the wheel) that they could perform nasty tricks that ranged from triggering target cars' horns to disabling brakes at low speeds, Congressman Ed Markey sent a letter to 20 automakers demanding answers. The deadline for those responses passed earlier this year, but Markey's office has yet to release its findings.
While Miller and Valasek's attack tests required that they physically plug into their target vehicles' networks, wireless hacks are possible, too. The UCSD and UW researchers, for instance, were able to breach their test car's network over bluetooth and GSM signals. And in another portion of Miller and Valasek's Black Hat talk that they declined to discuss, they say they'll outline new potential wireless attack points in automobiles.
Despite cars’ growing, vulnerable connections to mobile devices and the internet, neither Miller nor Valasek believes malicious hackers have actually targeted them yet outside of a research setting. But they argue that in this case it's worth trying to prevent a digital security debacle before it happens.
A hacked car, after all, has more serious consequences than eavesdropped emails or stolen credit cards. “If we don’t fix this, someone crashes,” Miller says. And he means the kind you can't reboot from.
1Correction 9:45pm EST 07/22/2014 An earlier version of the story stated that Miller and Valasek hacked a Ford Explorer rather than a Ford Escape.
