Karl Koscher and Ian Foster of UCSD demonstrating the latest car security flaw (Photo: Ryan Young for Wired)
UW CSE Ph.D. alum Karl Koscher, of 60 Minutes car hacking fame, is in the news once again for exposing the vulnerabilities of motor vehicle systems with a team at University of California, San Diego, where he is doing a postdoc with UCSD CSE professors and UW CSE Ph.D. alums Stefan Savage and Geoff Voelker.
This time, Karl and his fellow researchers demonstrate for Wired magazine and the USENIX security conference a new threat for motorists: common plug-in devices such as those provided by insurance firms to monitor a vehicle’s location, mileage and speed.
From the Wired article:
“Car hacking demos like last month’s over-the-internet hijacking of a Jeep have shown it’s possible for digital attackers to cross the gap between a car’s cellular-connected infotainment system and its steering and brakes. But a new piece of research suggests there may be an even easier way for hackers to wirelessly access those critical driving functions: Through an entire industry of potentially insecure, internet-enabled gadgets plugged directly into cars’ most sensitive guts….
“By sending carefully crafted SMS messages to one of those cheap dongles connected to the dashboard of a Corvette, the researchers were able to transmit commands to the car’s CAN bus—the internal network that controls its physical driving components—turning on the Corvette’s windshield wipers and even enabling or disabling its brakes.”
As Karl says, “Think twice about what you’re plugging into your car.”
Read the full article and watch a video demonstration here. Read a recent blog post on this same topic featuring Karl’s Ph.D. adviser, UW CSE professor Yoshi Kohno (who was one of the first to sound the alarm over car security), here.