Charlie Miller and Chris Valasek have published their white paper titled "Adventures in Automotive Networks and Control Units". They describe how they manipulated a Ford Escape and a Toyota Prius.
Both authors, sponsored by DARPA, presented at Defcon 2013 how they hacked cars by means of the OBDII (on-board diagnostic) interface. What they have done can be summarized as reengineering of the diagnostic interface and injection of related messages into the CAN-based in-vehicle networks by means of a laptop and a CAN dongle. The published paper provides the details of the hacking and manipulation. For OBDII experts, this is nothing new: the carmakers have not yet implemented sophisticated firewalls for the OBDII interface. The diagnostic interface is intended for troubleshooting and downloading of software updates. Normally, such access happens only at standstill, in the garage or in the factory.
Of course, if somebody could get code running on an ECU (via an attack over Bluetooth, telematics, tire sensor or physical access), they would be able to send CAN messages that command other ECUs to do something that was not programmed by the carmaker and its suppliers. If it is just used to honk the horn, it is only annoying. But if somebody managed to manipulate a steering or parking assistant, they could cause real damage. For sure, automated driving will require better firewalls to the in-vehicle networks.
The two hackers needed ten months for this research project. But with the information in the published paper and some commercially available tools, it could be done in a much shorter time.
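As an illustration of what such a firewall could check, the following added example (not taken from the white paper or from any carmaker) sketches a gateway filter for frames arriving on the OBDII port. It assumes the standard 11-bit diagnostic request identifiers (0x7DF, 0x7E0 to 0x7E7) and ISO-TP framing; the type names, the function names and the policy of allowing only read-only services while the vehicle moves are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed frame layout for this example; a gateway would use its driver's type. */
struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* Gateway state: speed from a trusted internal source, and the service ID of
   the segmented request currently admitted (-1 if none). */
struct gw_state { uint16_t speed_kmh; int seg_sid; };

/* 11-bit diagnostic request IDs: 0x7DF functional, 0x7E0-0x7E7 physical. */
static bool is_diag_request(uint32_t id) {
    return id == 0x7DF || (id >= 0x7E0 && id <= 0x7E7);
}

/* Example policy (assumption): everything at standstill, only read-only
   OBD services 0x01, 0x02, 0x03 and 0x09 while the vehicle is moving. */
static bool service_ok(const struct gw_state *s, uint8_t sid) {
    if (s->speed_kmh == 0)
        return true;
    return sid == 0x01 || sid == 0x02 || sid == 0x03 || sid == 0x09;
}

/* Returns true if a frame received on the OBDII port may be forwarded
   to the in-vehicle network. */
bool gw_forward_from_obd(struct gw_state *s, const struct frame *f) {
    if (!is_diag_request(f->id) || f->dlc < 2 || f->dlc > 8)
        return false;                  /* non-diagnostic IDs never pass */
    switch (f->data[0] >> 4) {         /* ISO-TP frame type */
    case 0x0:                          /* single frame: service ID in byte 1 */
        s->seg_sid = -1;
        return (f->data[0] & 0x0F) >= 1 && service_ok(s, f->data[1]);
    case 0x1:                          /* first frame: service ID in byte 2 */
        s->seg_sid = (f->dlc >= 3 && service_ok(s, f->data[2])) ? f->data[2] : -1;
        return s->seg_sid >= 0;
    case 0x2:                          /* consecutive frame: re-check the policy */
        return s->seg_sid >= 0 && service_ok(s, (uint8_t)s->seg_sid);
    case 0x3:                          /* flow control carries no service ID */
        return true;
    default:
        return false;
    }
}
```

The consecutive-frame case re-evaluates the policy, so a segmented transfer admitted at standstill is cut off once the vehicle starts moving.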