Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking a Car With Music

Posted by timothy on from the lady-gaga's-secret-plan dept.

itwbennett writes "Researchers at the University of California, San Diego, and the University of Washington have identified a handful of ways a hacker could break into a car, including attacks over the car's Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops. But their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car's stereo, this song could alter the firmware of the car's stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. 'It's hard to think of something more innocuous than a song,' said Stefan Savage, a professor at the University of California."

4 of 133 comments (clear)

  1. Uh, what? by gman003 · · Score: 5, Interesting

    I can accept malicious data taking over the stereo system. That's believable. What I find impossible is going from there to the rest of the car. I installed my own stereo system - the only wires involved were power and output to the speakers. That's it. Unless they can find an exploit in a 12v battery, they literally cannot get to anything automotive.

    Maybe newer cars, where everything is "integrated", are different. In which case, I'm glad I bought a used '99 Talon rather than a brand-new anything.

    1. Re:Uh, what? by Anonymous Coward · · Score: 5, Informative

      Newer cars with integrated stereos hook them up to the car's CAN bus. From there all bets are off.

  2. Re:Bad Programmers by NotQuiteReal · · Score: 5, Insightful

    Why are the most ubiquitous products the most buggy?

    Maybe because they (products) need to be cheap and quick to market to become ubiquitous?

    Remember the old "joke"?
    * Cheap
    * Good
    * Fast
    Pick 2


    There are a lot of folks who just by the latest (fast) stuff they can afford (cheap). Quality (good) doesn't enter into the equation.

    --
    This issue is a bit more complicated than you think.
  3. Re:Attacks by StefanSavage · · Score: 5, Informative

    > In a talk, Stefan claimed to have the ability to remotely drive as well, i.e., steer/accelerate/brake.
    I'd be surprised if you're not misremembering... both because we hadn't spoken publicly about concrete remote vulnerabilities before our NAS briefing and because some of this is not true. In particular, steering is not electrically intermediated on most cars (new electric cars aside) and we've never demonstrated acceleration control (engine start/shutdown, yes... acceleration no... although I'd be surprised if it wasn't possible).