Two security experts who show how easy it is to cyber hack the Toyota Prius and Ford Escape say they’ve got a solution.
At the Def Con hacking conference in Las Vegas last year, Chris Valasek and Charlie Miller described ways that cyberhackers can launch dangerous attacks, including manipulating the brakes of cars that have in-built computer systems.
Needless to say, the duo’s revelation vindicated the claims of conspiracy theorists, many of who think that intelligence services and terrorists around the world are using such hacking technology to commit virtually untraceable murders.
Now, Valasek says that he and Miller will show off a prototype vehicle “intrusion prevention device” at the Black Hat hacking conference happening in Las Vegas from Aug 2 to 7.
They built the device with about US$150 (RM460) in electronics parts, though the real “secret sauce” is a set of computer algorithms that listen to traffic in a car’s network to understand how things are supposed to work. When an attack occurs, the device identifies traffic anomalies and blocks rogue activity, Valasek said.
The two well-known computer experts decided to pursue the project because they wanted to help automakers identify ways to defend against security vulnerabilities in their products. “I really don’t care if you hack my browser and steal my credit card,” Valasek said. “But crashing a car is life or death. It’s dramatic. We wanted to be part of the solution.”
The research the two have released on the Ford and Toyota cars, as well as work by other experts on different types of vehicles, has raised concerns that somebody might one day try to replicate their work to launch a real-life attack. Yet the UK National Highway Traffic Safety Administration said in a statement that it is not aware of any incidents of consumer vehicle control systems having been hacked.
The auto industry has beefed up efforts to identify and mitigate potential cybersecurity risks over the past few years. “Cyber security is a global concern and it is a growing threat for all industries, including the automotive,” said Jack Pokrzywa, manager of global ground vehicle standards with SAE International, a group that represents industry engineers.
Pokrzywa declined to comment on the specifics of the new technology from Valasek and Miller, though he said “Any viable solution reducing cyber threats is a step in the right direction.” A representative for Ford said she had no immediate comment on the device.
While car-hacking may not be the most obvious form of cyber crime, the mysterious circumstances that surrounded the automobile accident that killed US journalist Michael Hastings in June last year have led some to believe that he was a victim of car-hacking. – Reuters