This is certainly not the first car hacking research talk, but in light of the conspiracy theories and the possible reality of cyberattacks on cars, I thought we might look back at some of the proven ways that someone other than the driver can remotely take control of the car. One of the oldest is OnStar, with its Stolen Vehicle Slowdown technology allowing for remote control of vehicles, such as to stop a high-speed car chase [video]. A disgruntled laid-off hacker in Austin, Texas, remotely hacked more than 100 vehicles, bricking or disabling some cars and causing others to have "horns honking out of control."
At Def Con 18, Rutgers University and the University of South Carolina security researchers presented "Letting the Air out of tire pressure monitoring systems" [pdf]; they demonstrated how to wirelessly hack a car's tire pressure monitoring system and send fake tire pressure warnings, while it was being driven on the road, before frying the onboard computer. SNOsoft Research previously delved into hacking your car for fun or profit and showed it's really not that difficult to program a car to kill a driver. Other research included a "self-destruct" attack — "It starts when a 60-second timer pops up on a car's digital dashboard and starts counting down. When it reaches zero the virus can simultaneously shut off the car's lights, lock its doors, kill the engine and release or slam on the brakes" [pdf].
In a 2011 report, Comprehensive Experimental Analyses of Automotive Attack Surfaces [pdf], the researchers used a virus to infect a dealership diagnostic tool and pass the infection to any car connected to it afterwards. They could" disable the car, listen to conversations in the car, turn on the brakes, etc." Also in 2011 we saw war texting to steal a car and hacking to pwn a cop car. We've also looked at security predictions, claiming hackers will target and cyberattack high tech cars.
Other security experts claimed that any computer control in the car could be hacked, including the "engine, lights, radio, wipers and electronic display." Malicious attackers "could seize control remotely through the panoply of wireless devices attached to the car, such as cellular, Bluetooth, radio and tire pressure monitoring system. If you can take over the radio, you can use it to reprogram all the other computers." Even doctored CDs, or malicious input on an iPod could be used as an attack vector to exploit a vulnerability in the car [pdf].
While I'm not saying Hastings was killed by a cyberattack on his 2013 Mercedes, Clarke is correct that it's entirely possible and almost impossible to prove any such assassination that might occur. The LA cops would doubtfully have the "expertise to trace such an attack." Clarke added, "You'd probably need the very best of the U.S. government intelligence or law enforcement officials to discover it." Clarke stated:
Sign up for Computerworld eNewsletters.