
Car hacking

Baby, you can drive my car

Researchers claim to be able to control a vehicle by playing a song spiked with malicious code. All they need is 18 seconds of playtime.

This radio is probably safe from hacking (Photo: Feddacheenee/Wikipedia)

"A CAR IS A BIG DISTRIBUTED SYSTEM with wheels connected, and that's been true for 20 years," said Stefan Savage, professor of computer science at the University of California, San Diego. "It's one of the most complex distributed systems you own, with 35 to 40 electronic control units and dozens of operating systems working together."

Speaking at the Usenix Enigma conference in San Francisco last week, Savage detailed six years of research into automotive systems. As an example, the researcher revealed that his team had been able to take control of a vehicle by encoding attack code into a song. If the .WMA track was played from a CD, the attacker could get full control. The smuggled code exploits weaknesses in the playback software to commandeer operations. Further commands to remotely control the vehicle could then be received via the car's built-in cellular connection.

"Basically, give me 18 seconds of playtime and we can insert the attack code," Savage told The Register. The spiked music attacked the car's entertainment system, which wasn't locked down and granted the injected code access to the rest of the vehicle's electronics. The security flaw has since been addressed.

Savage and his team documented their car hacking back in 2010, years before Charlie Miller and Chris Valasek conducted their high-profile explorations. The group decided not to publish their results in full detail, and to work with the manufacturers and regulators to fix the issues they discovered. "As an academic it felt weird not publishing my research," Savage said. "But it's a trade-off. Had we published then, there would be a pool of cars out there that were easily hackable with a little knowledge."

Unfortunately, it is not known which song the researchers used. While “Drive my car” comes to mind, “Joyride” or “Radar Love” would also have been fitting choices.
