In the near future, your car may be hacked easily by hackers.

“If you use a computer, you may be hacked” is a well-known axiom. In the world of computers, there is practically nothing that could not be cracked, and if attackers can penetrate a rather complicated dextup computer, what will prevent a resolute hacker from penetrating your car's onboard computer?

Tadayoshi Kohno from the University of Washington, Seattle, and Stefan Savage from the University of San Diego, California, managed to write software called CarShark and with the help of him and two laptops penetrated remotely into the car's computer, were able to turn off the engine, use brake or turn them off, display arbitrary speeds and labels on the speedometer.

The guys published a pdf-ku describing the work done by them, and also answered some questions from journalists:


Q: Tell me more about the study. Did you have physical access to the car or can it all be done remotely?
')
Savage: In the document we do not dwell in detail on the ways to achieve the result, it is much more important to understand what the effect of someone entering the system of your car can be. We connected to the diagnostic port, it is standard for most cars and is located close to the steering wheel.

Kohno: With this study, we wanted to draw attention to the evolution of cars, in the hope that automakers will be able to provide protection against such penetration in the future.

Savage: Remember the computers of the early 90s. They had a lot of potential vulnerabilities, but it didn't matter a lot, because the computer was at home and was not connected anywhere. When we started connecting them to the Internet, all of these potential vulnerabilities became real. Cars repeat this path. There is a tendency to connect cars to wireless networks, so it's time to start strengthening the protection of the internal systems of cars, until it became a real problem.

Q: Can you give an example of when a car might be compromised?

Savage: It can be a car mechanic, or a jealous passion, who have the ability to temporary access to a car. Such a person will be able to connect to the system and upload the malicious code there. Today, this is more of a fantasy than a real threat, of course.
Note Transl .: But in the near future this does not prevent the same mechanics to unnoticeably plug a special device into the diagnostic connector that will be accessible via the Internet.

Kohno: Today, everyone is focused on the botnets and security of web applications. We want to make sure that in 5-10 years cars will not fill up this list.

Q: You wrote a tool called CarShark, which implements a similar attack, right?

Kohno : The tool implements much of what we researched. It works on a computer connected to the OBD-II connector (On-Board Diagnostics II) and can receive / send data over the network.

Q: After all, someone can use this tool for bad purposes!

Savage: We will not publish it. We tried to maintain a certain balance in our research. We are not interested in raising panic. Is the attack feasible? Yes. In the end, the software in your car does not differ drastically from what is installed in your PC.

_{via cnet.com and popfi.com}

---

In general, the guys did nothing unusual or extra new, of course. But the topic raised by them is quite relevant, in my opinion. What do you think, resident of Habr?

upd: Precedents have already been: Hacker blocked more than 100 machines via the Internet.
upd2: AndroidOS will be installed on Chevrolet Volt.