Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Remotely Cut a Corvette's Brakes

Posted by Soulskill on from the has-no-effect-on-corvette-drivers dept.

An anonymous reader writes: Security researchers presented work at the USENIX conference today showing an easy way to hack into a car's electronics using a small gadget that plugs into modern dashboards. The port they're taking advantage of is commonly used to monitor the location and speeds of these vehicles. Once the researchers' dongle is attached, they can use SMS messages to transmit commands to the car's internal network. They demonstrated this by remotely cutting a Corvette's brakes. "Though the researchers say their Corvette brake tricks only worked at low speeds due to limitations in the automated computer functions of the vehicle, they say they could have easily adapted their attack for practically any other modern vehicle and hijacked other critical components like locks, steering or transmission, too."

7 of 161 comments (clear)

  1. In related news.... by Anonymous Coward · · Score: 5, Funny

    The NSA demonstrated a clever hack where they attached a small device to the underside of a Pontiac Grand Prix, remotely pushed a button, and the car blew up! General Motors says this is not a serious security breach and the vulnerability is not limited to their vehicles. They will not issue a recall.

  2. OK, but... by cyn1c77 · · Score: 5, Insightful

    Let's keep this in perspective. If the hack requires you to physically attach dongles to the vehicle, the hacker could just as easily attach a remote controlled bomb.

  3. Misleading Attention Grabbers by monkeyxpress · · Score: 4, Informative

    This is silly. The brake pedal on every car that currently leaves a production line is still physically connected to the master cylinder and wheel callipers. What they likely meant by 'disabled the brakes' is that they disabled the ABS or brake assist module. While troubling, these components are all designed with mechanical overrides for if the electronics goes hey-wire, so this is really scare mongering.

    We have known for years about CAN bus insecurity and how you can control indicators and wipers once you get physical access. There was even a model of car where you could just snap a wing mirror off and plug directly into the CAN system through the exposed mirror connector. These people haven't done anything new and are just being intentionally sensationalist to get attention.

    1. Re:Misleading Attention Grabbers by 0123456 · · Score: 4, Informative

      You realize that ABS cuts the brakes, right? So, if you can take over the ABS controller, you can stop the car from braking?

      There's no way in hell a device attached to the bus connector under the steering wheel should be allowed to do such a thing.

    2. Re:Misleading Attention Grabbers by monkeyxpress · · Score: 5, Interesting

      It can't. The ABS module is designed to be mechanically failsafe. Have a look at a design. The system can only modulate the pressure in the brake line. It does not have any ability to vent to the reservoir or lock out the pedal connection (the isolation valve is just for pedal feel). All it can do is dump a tiny amount of fluid into a small internal reservoir and then pump it back into the line. If the system fails, whether due to a stuck valve, electronics going crazy, or just loss of power, the worst you'll get is a pedal that moves a bit further and no ABS. Even if you could flash the firmware in the controller through the CAN bus (which you normally can't) to get full control of all the valves and pumps you can't 'cut the brakes'.

    3. Re:Misleading Attention Grabbers by StefanSavage · · Score: 4, Informative

      Sorry, I have contrary empirical evidence. On multiple different cars we have manipulated appropriate ECUs with the effect that you can push on the brake pedal with no impact on forward velocity (see autosec.org and also the paper this post refers to). I'll personally attest that it is so and that no matter how hard you step on the pedal that nothing is happening wrt braking. I believe that Charlie and Chris also accomplished the same thing with the vehicles they addressed in the first and most recent presentations.

  4. My Battlestar Galactica security plan is working by He+Who+Has+No+Name · · Score: 4, Funny

    ...which basically consists of "drive a '92 Jeep where the only major electronics in the car are my cell phone".

    It doesn't even have power windows.

    Hack that wirelessly, bitches.