Last May, I posted a note here about some research from the Center for Embedded Automotive Systems Security [CAESS], a research collaboration between the University of California, San Diego, and the University of Washington. A team from CAESS had found that, by gaining access to a car’s Controller Area Network [CAN] via the On-Board Diagnostics [OBD] port, they could modify the behavior of many of the vehicle’s electronic control systems. (The CAN bus is essentially a local-area network that links together the various electronic control units in the car.) The attacks that they described in their paper [PDF] did, however, require physical access to the vehicle.
According to an article at IT World, the same group has now done further experiments, and found that other attack channels are possible as well.
In a new paper, they [the CAESS researchers] say they’ve identified a handful of ways a hacker could break into a car, including attacks over the car’s Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops.
The CAESS team also found that it was possible to launch an attack via the vehicle’s sound system.
Their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this song could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car.
It might, at first glance, seem improbable that this sort of attack would be possible; however, the CAN bus connects many of the car's components. (For example, we have a car in which the radio will continue to play after the engine is switched off, as long as the key is in the ignition lock.) This attack would not be easy to create from scratch, but it is possible to imagine an “attack kit” being distributed over the Internet, with the actual malware being spread via file-sharing networks.
One mitigating factor is that car systems, unlike PC systems, tend to be idiosyncratic to the maker and even the model, so the possibility of “generic” exploits, like those for Windows or Flash, is small. Still, this is worthwhile research; it is the methods of attack that no one previously thought of that tend to create the biggest problems.