Carjacking Your Vehicle is as Easy as Playing a Song in it for 18 Seconds!
So you thought that having computerized systems in our car made it a little tougher for the carjackers? Well, think again, a group of researches say that carjacking a vehicle is so easy with the new technology that you can put in a malware just by allowing the car to play a said track of song!
Stefan Savage, professor of Computer Sciences at the University of California, San Diego who heads the research team claims “basically, give me 18 seconds of playtime and we can insert the attack code” in the modern car’s operating system.
He was talking to the Usenix Enigma conference in San Francisco on Tuesday where he explained that cars these days use a mash up of different third-party and OEM software that end up making the car vulnerable to hacking and hence carjacking.
This is so because some of the operating systems being used in the vehicles are not as hard to compromise as others; for example, the entertainment system.
Savage explained how they managed to attain full control of a car by playing a malware bearing .WMA track from a CD inside the car.
He says that most of the cars have a government-mandated OBD-II port and mastering that makes it easy to master the car’s security system as well. Also, a simple firewall is not going to help in this because of the variety os systems at play in many cars.
For cars the OEM is not the developer, they are the integrator, so there are software supply chain issues. Source code is frequently not available, so code inspection does not work, since no party in the world has access to all of a car’s source code.
A firewall is not going to do it, the architecture is too complex and cost really counts to these guys – saying ‘It’s only a $5 fix per car’ doesn’t cut it. That said, there could be a great tinfoil hat boutique business for hackers who want to pimp their cyber ride with a firewall.
In short, the only way right now to avoid such a carjacking is to have a remote updating system.