Security researchers hack a Corvette using text message

The hacked and the furious

University of California researches have demonstrated a way that hackers could access an insurance black box fitted in a car and use it to control the brakes and windscreen wipers.

The team hacked the box fitted to a 2013 Chevrolet Corvette using a simple text message. The researchers said the method could also be used to access the transmission, steering and locks.

The security boffins will talk about their findings in a research paper titled, "Fast and Vulnerable: A Story of Telematic Failures" at the USENIX security conference, which is taking place this week in Washington.

The problem is not specific to the Corvette or Chevrolet cars - the researchers said that the insurance box fitted into any vehicle can be remotely hacked via text message. The insurance device, called OBD2, is manufactured by a French company called Mobile Devices. This is then sold onto insurance companies to help track vehicle movements for insurance purposes.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In a video, the researchers showed how the brakes could be applied or deactivated on a Corvette at low speed (the car's automatic braking system only functions in slow driving situations, such as travelling through a city). However, in other vehicles with autonomous driving features, such as transmission and steering, could be controlled remotely via the hack. This is because the box itself can act as a gateway to other systems in the car, thus allowing the hack to happen.

"We acquired some of these things, reverse-engineered them, and along the way found that they had a whole bunch of security deficiencies," Stefan Savage, computer security professor at the University of California at San Diego, told Wired.

The researchers have made Mobile Devices and Metromile, the insurance firm that distributes the dongle to car manufacturers, aware of the hack, allowing the firm to update the boxes with a software patch.

"We took this very seriously as soon as we found out," Metromile CEO Dan Preston told Wired. "Patches have been sent to all the devices."

Ken Westin, senior security analyst at Tripwire said that one of the trends he was seeing in automotive system vulnerabilities was that many of these systems are using networks and protocols designed for cellular and IP networks.

"These tools were designed to facilitate human to human interaction. When these networks and protocols are repurposed for machine to machine communication, they become vulnerable to a variety of different threat models," he said.

Advertisement - Article continues below

"When a cell phone is compromised there is a potential for data to be compromised, which is an inconvenience. However, when machine to machine communications over cellular or IP networks are compromised it leads to a kinetic attack that could result in serious injury or even loss of life."

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/technology/artificial-intelligence-ai/354796/ai-identifies-11-earth-bound-asteroids
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020