Two programmers used a laptop to take control of a Ford and Toyota, and will present their findings at a hackers conference next month. Does this pose a worry for motorists?
There is almost nothing more terrifying in a car than finding you can't control the vehicle. Anybody who's been in a skid or lost brake pressure can attest to this. So the notion that hackers could take control of a car, as two recently demonstrated for Forbes writer Andy Greenberg, represents just about the worst-case scenario for modern, electronically controlled cars.
With vehicles ever more connected to the Internet, GPS and cellular networks, programmers Charlie Miller and Chris Valasek say they've worked out a way to access the computers in a 2010 Toyota Prius and 2010 Ford Escape. Once they take over the onboard computer, they can control anything from the radio to the brakes, they say.
Miller, 40, works as a security engineer at Twitter. Valasek, 31, is the director of security intelligence at the Seattle firm IOActive. Working with an $80,000 grant from the Pentagon's Defense Advanced Research Projects Agency, the two say that over the past year they've analyzed the software in both the Toyota and the Ford to the point where they can assume control of the vehicles.
A video of their demonstration shows them using their electronic access to disconnect brakes, scramble a speedometer, wobble a steering wheel and blast a horn. "My instinct is to jump out the window," Greenberg says in the footage.
AP Photo: File
A 2010 Ford Escape hybrid taxi sits among other Escapes at Ford's Kansas City Assembly Plant in 2009.
A Ford spokesman told Greenberg the company takes hackers "very seriously," but Toyota didn't seem as concerned. A laptop was connected directly to the cars' systems — and that's where a Toyota spokesman said the potential threat vanished.
"Altered control can only be made when the device is connected. After it is disconnected, the car functions normally," the spokesman told Sky News. "We don't consider that to be hacking in the sense of creating unexpected behavior because the device must be connected."
The spokesman said Toyota's main security focus, "and that of the entire industry," was on preventing security breaches from outside the car. "Toyota has developed very strict and effective firewall technology against such remote and wireless services," the spokesman said.
But Valasek told Greenberg that remote access had already been achieved. He pointed to experiments in 2010 where teams from the University of Washington and University of California at San Diego breached an unidentified car's systems remotely, using cellular connections, Bluetooth and even a CD.
Valasek and Miller plan to release their findings at Defcon, the hacker conference scheduled for next month in Las Vegas. Their goal, they say, is to help auto-industry programmers beef up security.
But based on their glee in theForbesvideo, they will probably also force a few more cars to misbehave before helping to make them more difficult to penetrate.
Join MSN News on social