You may hate parallel parking, but you're going to hate it even more when somebody commandeers control of your car with you in it.
That was the scary scenario painted over the first two hours at the 21st
annual Defcon hacker conference.
"Car hacking is definitely coming," said Zoz, of Cannytophic Design, who
presented on how to hack autonomous cars.
Zoz's talk on vulnerabilities that autonomous autos will face followed a
fast-paced explanation by well-known computer security experts Charlie Miller
and Christopher Valasek of how they spent the past 10 months hacking the
self-driving features of two popular cars. Miller, Valasek, and Zoz all spoke to
standing-room only crowds of more than 1,000 people.
While car hacking made a big splash at Defcon in 2010 and 2011, those hacks
were not publicly documented. "We want it to take two months for everybody to do
this," Miller said to loud applause from the packed house.
Before going into their hacking explanation, Miller and Valasek admitted
that they were not hardware hackers, and had little experience on hardware
basics like splicing wires. But they only had one requirement for their test
car: that it be able to drive itself.
From there, hilarity ensued. Instead of following Toyota's guide to
removing the dash of their test 2010 Prius, they used a crowbar. Subsequent
videos and photos showed them driving around with a laptop wired to the open
dash of a car, much to the amusement of the crowd.
The pair also tested a 2010 Ford Escape.
Prerecorded video demos of the hacks showed Miller and Valasek disabling
the car's brakes, jerking the steering wheel back and forth while the car was in
motion, accelerating, taking full control of the steering wheel, yanking the
seat belt tight, turning off the engine, turning interior and exterior lights on
and off, honking the horn, and making the console show a full tank of gas when
Surprisingly, neither wore a helmet.
At one point, the car wouldn't start, and they had to get it taken to the
Toyota dealer for repairs. It turns out, Valasek said, that they had blown up
the inverter. "They said they couldn't fix the car because they'd never seen
this problem before."
The two detailed much of the nitty-gritty of their hacking work, covering
how they gained physical access to the car's computer and how they figured out
how to program the car's computer.
The documentation that they will be releasing in the next few weeks sounds
comprehensive, totaling 101 pages of code and data.
Zoz spent his talk in the next hour on the future of automation.
Self-driving cars, he told, are essentially robots and will be particularly
susceptible to the same kinds of hacks as less complicated robots.
Many of these vulnerabilities will be related to directly hacking or
indirectly altering the sensors that allow a car to navigate the road without
causing accidents. Automated vehicles of all sorts, from person-carrying cars to
small drones, rely on a multitude of sensors such as GPS, LIDAR, cameras,
millimeter wave radar, digital compasses, wheel encoders, inertial measurement
units, and on-board maps.
There are two kinds of sensor attacks, Zoz said. Denial attacks prevent the
sensor from recovering data, while spoofing causes the sensor to retrieve bad
Each of the sensors on a car or drone can be successfully attacked in
several low-cost, low-effort ways. A GPS sensor, he said, can be compromised by
purchasing or building a cheap GPS jammer.
Maps are particularly at risk. "You can't have your robot occasionally
blowing through a red light," he said to much snickering from the audience.
Zoz, as well as Miller and Valasek, kept returning to a particular point
during their separate hour-long presentations: the goal of hacking cars isn't to
cause widespread havoc, but to make them safer.
"Now that we've released the data, you can think about how to stop these
attacks," Miller said.
And echoing Miller, Zoz also highlighted safety concerns. "When I talk
about exploits and countermeasures, I want you to think about
counter-countermeasures," he said.
Ford and Toyota have both said that their focus is on preventing wireless
hacks, but wireless technology is hardly a bastion of security. We may be
approaching an era when the car itself could be to blame for crashes.