How Vulnerable Is Your Car to Cyber Attack?

As cars barrel toward full electronic control, are they vulnerable to cyber attack?
By Glenn Derene
June 21, 2010

Last November, on a closed airport runway north of Seattle, Wash., a team of researchers from University of Washington and University of California–San Diego performed an ominous experiment on a late-model sedan. With a chase car driving on a parallel runway, they sped the test vehicle up to 40 mph, then turned off the brakes—via Wi-Fi. "Even though we knew what was going to happen, it's a very unsettling feeling to have a loss of control," says Alexei Czeskis, the researcher who was driving the test car. "You get full resistance from the brake pedal, but no matter how hard you press, nothing happens."

The test sedan was rigged up with a laptop hooked into its OBD II diagnostic port. On the computer was a custom-coded application, called CarShark, that analyzes and rewrites automobile software. That laptop was linked via a wireless connection to another laptop in the chase car. In addition to temporarily rendering the test car brakeless, the setup also allowed the research team to remotely turn off all the vehicle's lights (including the headlights and brake lights), turn on the windshield wipers, honk the horn, pop the trunk, rev the engine, disable specific cylinders, engage individual brakes and shut down the vehicle completely while it was in motion. the rest

Computer-security pros agree that there is little reason for drivers to worry today, since the chances of random hackers killing your brakes on the interstate are slim to none. Yet now is the time, they say, for the auto industry to start concentrating on cybersecurity.