I-Team: Hackers Can Take Control of Cars From Trio,000 Miles Away

With thousands of fresh cars and trucks tooled with factory-installed Wi-Fi, hackers have lots of fresh targets on the road. An I-Team investigation found it is already possible to use Wi-Fi to control key electronics of vehicles from long distances.

Using a Wi-Fi dongle, a petite electronic gadget lightly purchased online for about $Ten, auto hacker Craig Smith permitted the I-Team to control the headlights and windshield wipers of a Mazda parked in Seattle from a laptop computer in Fresh York City. The dongle gave wireless access to a port underneath the steering wheel — the same port used by mechanics to diagnose problems.

«We`re using the same signals that would normally be used by the vehicle,” Smith said. “We`re just now controlling them from the Internet.»

Smith, a paid consultant who works with automakers to find their software vulnerabilities, was able to decipher the computer code «packets,» which are basically series of numbers and letters that work to turn on wipers and headlights.

Off the hook “Swatting” nine hundred eleven Recordings Expose Voices Behind Twisted Pranks

When typed into the I-Team’s laptop, the packet codes took a few seconds to travel over the Internet from Fresh York to Seattle and the wipers and lights turned on at off at on directive.

Joshua Corman, co-founder of IAmTheCavalry.org, a nonprofit that seeks to warn businesses and governments about software vulnerabilities, said the hacking demonstration replicates a potential security risk in thousands of cars of all brands — not just Mazda.

«Software controls the brakes. It controls your lights. It can deploy your airbag. It can tighten the seatbelt,» said Corman, rattling off a list of potential electronic targets.

Investigative Hundreds Complain About Cold Classrooms in NYC Schools

«The one that personally scares me the most is, now that there is a parking assist features on a lot of these cars, there is a very powerful motor on the steering column,» Corman said. «It is more powerful than you are and can often be used to rip the steering wheel out of your palm while you are driving.»

In response to the cross-country hacking demonstration, Mazda spokesman Nick Beard said the company «is aware of the growing concerns related to the possibility of vehicle hacking, the capability to potentially retrieve individual information and alter the vehicle`s driving characteristics, through unauthorized electronic access.”

Beard stressed that Mazda is continually working to «improve the security of our vehicles, including our proprietary vehicle software, as we develop and incorporate even more advanced electronic features in our vehicles.»

Investigative Rivers Clinic Part of Network With Regulatory Troubles

Smith says he only hacked the Mazda because it was the very first car he could get in his garage. Smith would not say what car companies he has worked for but said he had no relationship to Mazda. He says the same demonstration could apply to dozens of makes and models. Albeit this hack relied on a Wi-Fi dongle to relay instructions from Fresh York to the car`s central processor in Seattle, Smith says he has successfully hacked other cars without ever accessing the interior of the vehicle.

A investigate released this week by Sen. Ed Markey (D-Massachusetts) found only two of sixteen automobile manufacturers were able to describe any capabilities to diagnose a hacker attack executed over the wireless communication systems of their vehicles or react to it in real time.

Kathleen Fisher, a project manager for the federal Defense Advanced Research Projects Agency (DARPA), said researchers at the University of California San Diego and University of Washington had used wireless entry points to attack vehicles and take control of their electronics as early as 2012.

«These attacks involved infecting the computers in the repair shop and then having that infection spread to the car through the diagnostic port, or hacking in through the Bluetooth system, or using the telematics unit that`s normally used to provide roadside assistance,» Fisher said.

IAmTheCavalry.org has sent an open letter to the automotive industry, asking vehicle manufacturers to embrace a five-point cyber safety rubric.

But the shove to secure vulnerable software goes way beyond car hacking. IAmTheCavalry.org is also urging medical device makers, public infrastructure operators, and manufacturers of home appliances to protect their software as well.

Researchers have demonstrated how Wi-Fi-connected IV pumps — the kind found at uncountable hospitals — could be attacked and instructed to supply errant doses of insulin.

Hackers have also attacked industrial controllers — the modules that communicate with power plants, water distribution systems and other critical infrastructure.

Hackers like Smith and Tom Parker, a professional hacker hired by petroleum and financial companies to find their software vulnerabilities, are called «white hats,» researchers who attempt to warn companies and governments their software is exposed to the malicious hackers known as «black hats.»

Too often, Parker says, industrial controllers are connected directly to the Internet and thus vulnerable to attack.

«When you get up in the morning and get in your car to go to work, by the time you`ve gotten to work and sat down at your desk, you`ve literally interacted with very likely several hundred of those controllers from when you turn on the tap to brush your teeth, to when you turn on the power to when you turn on your car engine,» Parker said.

Wade Newton, a spokesman for the Auto Alliance, a trade group signifying twelve major automakers, said vehicle manufacturers are well aware of cyber threats to onboard electronics and are presently using «threat modeling» and simulated attacks to test their software security. Additionally, he said, the Society of Automotive Engineers, the US Council for Automotive Research, and DARPA have projects to strengthen protocols and best practices.

«Auto engineers incorporate security solutions into vehicles from the very very first stages of design and production – and their security testing never stops,» Wade said.

Related movie: