Hackers tap into ECU to kill engine, brakes and more
During the 17 years this writer worked on braking and stability control systems, we occasionally joked about being able to remotely update the software in people's vehicles and bring them to a halt. At that time, the technology didn't really exist to actually do that. Today that's no longer true. Researchers the Universities of California and Washington will present a paper at a security conference in Oakland, California next week outlining how they were able to hack into vehicle computer systems.
When electronic control units were first added to cars in the 1970s, the firmware was all in masked read-only-memory that couldn't be modified once it was fabricated. In the late 1990s, as systems became more complex, engineers began using flash memory so that firmware could be updated with bug-fixes and other changes. With most current vehicles you have to be plugged into the OBD-II diagnostic port in order to communicate with the ECUs, which are now connected over a vehicle-wide controller area network.
Now that we're starting to move into the age of connected vehicles, the risks are rapidly increasing. OnStar already has the ability to remotely slow a stolen vehicle. Ford is currently demonstrating Fiestas that can download applications and communicate with the vehicle systems to broadcast vehicle information. Without putting adequate security into vehicle ECUs, it's possible that someone could download a malicious application with the potential to disable or otherwise damage the vehicle.
The potential for this to be the biggest security risk your vehicle might have is quite high. The US has called NASA in to investigate Toyota's cruise missile incidents because they don't believe that the accelerator pedal shim is a fix. Neither do I personally. NASA is called in because the ECU is under suspicion.
The fellow in Melbourne who's 4x4 performed an impossible multi-system fault, resulting in his vehicle becoming a cruise missile?
I'm happy to be corrected, but guess what? His vehicle had just been serviced....ECU flash
I was worried not long ago after two break-ins, one of which didn't steal stuff, and I'm wondering OK, if you can bypass entry security but didn't steal stuff, what did you do?
The first thing that came to my mind was OBD port. Ultimately I think I was targeted with a black-market radio key scanner, but I have to say : The problem with computers seems to be security. Universally so.
Absoluetly agree. Every time a program is developed ,within hrs/days someone has beaten it. Key scanners will be the next choice for theft.
IMO Go back to the old days put in a bypass hidden kill switch . Totally bypass all electrics.
Forum Staff
Hackers tap into ECU to kill engine, brakes and more
LinkBack URL
About LinkBacks
Reply With Quote
