Last month, BMW fixed a flaw with its ConnectedDrive software that allowed hackers to control the onboard computers in many (2.2 million to be precise) Mini, BMW and Rolls Royce models. Anything from traffic updates to the air conditioning and the door locks could be controlled remotely by attackers.
However, this is not a problem that’s limited to BMW. Recently, two security experts, Charlie Miller and Chris Vasalek, used a laptop and an open bluetooth connection to wirelessly control the horn, seatbelts, headlights, brakes, accelerator and steering of a Toyota Prius and a Ford Escape. According to the article, their project was funded by DARPA to “highlight the security risks affecting modern-day cars”.
In addition, two researchers from Spain are planning to demonstrate their “CAN (Controller Area Network) Hacking Tool” at the March Black Hat conference in Singapore. This $20 device was previously demonstrated at last years conference in Las Vegas. Here’s how it works: It takes less than five minutes to fit this device into the target’s car, and once it’s in place, it can control, among others, the car’s lights, locks, airbags, steering and brakes. The advantage of this over the bluetooth attack is that this device allows you to program instructions for the car in advance, so you don’t even have to be there for the attack.