Security researchers hack a Corvette using text message

The hacked and the furious

University of California researches have demonstrated a way that hackers could access an insurance black box fitted in a car and use it to control the brakes and windscreen wipers.

The team hacked the box fitted to a 2013 Chevrolet Corvette using a simple text message. The researchers said the method could also be used to access the transmission, steering and locks.

The security boffins will talk about their findings in a research paper titled, "Fast and Vulnerable: A Story of Telematic Failures" at the USENIX security conference, which is taking place this week in Washington.

The problem is not specific to the Corvette or Chevrolet cars - the researchers said that the insurance box fitted into any vehicle can be remotely hacked via text message. The insurance device, called OBD2, is manufactured by a French company called Mobile Devices. This is then sold onto insurance companies to help track vehicle movements for insurance purposes.

In a video, the researchers showed how the brakes could be applied or deactivated on a Corvette at low speed (the car's automatic braking system only functions in slow driving situations, such as travelling through a city). However, in other vehicles with autonomous driving features, such as transmission and steering, could be controlled remotely via the hack. This is because the box itself can act as a gateway to other systems in the car, thus allowing the hack to happen.

"We acquired some of these things, reverse-engineered them, and along the way found that they had a whole bunch of security deficiencies," Stefan Savage, computer security professor at the University of California at San Diego, told Wired.

The researchers have made Mobile Devices and Metromile, the insurance firm that distributes the dongle to car manufacturers, aware of the hack, allowing the firm to update the boxes with a software patch.

"We took this very seriously as soon as we found out," Metromile CEO Dan Preston told Wired. "Patches have been sent to all the devices."

Ken Westin, senior security analyst at Tripwire said that one of the trends he was seeing in automotive system vulnerabilities was that many of these systems are using networks and protocols designed for cellular and IP networks.

"These tools were designed to facilitate human to human interaction. When these networks and protocols are repurposed for machine to machine communication, they become vulnerable to a variety of different threat models," he said.

"When a cell phone is compromised there is a potential for data to be compromised, which is an inconvenience. However, when machine to machine communications over cellular or IP networks are compromised it leads to a kinetic attack that could result in serious injury or even loss of life."

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Digital Shadows’ context-based security alerts expand sensitive doc management
Security

Digital Shadows’ context-based security alerts expand sensitive doc management

23 Nov 2020
More than half of businesses saw rising fraud levels this year
Security

More than half of businesses saw rising fraud levels this year

23 Nov 2020
Manchester United resists ‘sophisticated’ cyber attack
Security

Manchester United resists ‘sophisticated’ cyber attack

23 Nov 2020
MPs targeted with nearly three million malicious emails per month
Security

MPs targeted with nearly three million malicious emails per month

23 Nov 2020

Most Popular

Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020