Forget car jacking. As cars become increasingly complex, car hacking — taking over a vehicle’s computer-controlled systems — is becoming a very real threat.

At the DEF CON hacking conference this weekend in Las Vegas, two computer software researchers with a grant from the Defense Advanced Research Projects Agency released the code they wrote to carry out attacks on a Toyota Prius and a Ford Escape and provide links to their findings in a 100-page white paper,
Their goal? To help other researchers find and address auto industry security flaws before malicious hackers find ways to prey on unsuspecting drivers.

“The more people we can get on the problem, the better,” Charlie Miller, a Twitter security engineer, told the Herald last night. “Let’s fix it now before anyone’s hurt.”

Sitting inside a Toyota Prius and a Ford Escape with laptops connected to the vehicles’ computer networks, Miller and Chris Valasek, director of security intelligence at IOActive, were able to disable the Ford’s brakes so the car kept moving no matter how hard the driver pressed the pedal. They were also able to force the Toyota to accelerate its engine, brake suddenly at 80 mph and jerk the steering wheel.

“We believe our electronic control systems are robust and secure and we will continue to rigorously test and improve them,” said a spokeswoman for Toyota, adding the company, and the auto industry, is focused on preventing remote hacking into a vehicle’s control systems.

They did not attempt to attack the vehicles remotely, Miller said, because that already had been done in a 2010 study by researchers at the University of Washington and the University of California at San Diego.

In May, the U.S. Department of Homeland Security issued an advisory warning of flaws in the wireless Bluetooth systems in some cars that could be exploited by an outsider to take control of some of the car’s functions.

“As you computerize more aspects of a car, those are more things hackers can control,” Miller said. “The bottom line is you’re safer in a car with no bells and whistles.”

Tiffany Rad, a senior researcher at Woburn-based Kaspersky Lab, which provides protection against cyber threats, said auto manufacturers should be concerned now that Miller and Valasek are making their code public.

“If these two guys can do this, it means to me the bad guys can do it, too, now that it’s public,” Rad said. “It lowers the bar to replicate what they did.”

http://bostonherald.com/business/automotive/2013/08/hacking_researchers_take_control_of_cars

Thanks to Ray Gaudette for bringing this to the It’s Interesting community.