When scientists with the Center for Automotive Embedded Systems Security (CAESS) tested some recent cars’ security systems by “hacking” into them with an MP3 player hooked up via the OBD-II port, they realized that they could indeed not only hack into the car, but enable and disable some features and even remotely unlock the doors, start and kill the engine, disable the brakes and in some cases even do it remotely with a cell phone.
This, paired with more research done at the University of California, San Diego, and the University of Washington who have spent the last two years researching a similar way to hack into vehicles.
What they’ve done is embed some MP3 files with malicious code that would then install itself over the car’s stereo system firmware, and in lots of late model cars, the stereo system controls all the rest of the vehicle including the GPS, self parking systems, and of course the music.
In another example they claim to have been able to infect an Android powered cell phone with a trojan class malware that then would inject itself into the car’s systems by way of Bluetooth whenever the user paired his Bluetooth cell phone with the vehicle’s hands free system.
The problem seems to be that automakers have concentrated their efforts into making their keyfob system impenetrable, meaning that the data between the emitter (the keyfob) and the receiver (the car’s kill switch) is encrypted. However, that’s like encrypting communication between your phone, and your mama’s. It’s all nice and fancy until someone breaks into your mama’s house and uses the phone without her permission to make an encrypted call.
Technology will be our ruin…