Analysts predict that the majority of cars will feature connectivity within the decade.
(Photo : Hyundai)
Two Spanish security researchers have created a smartphone-sized device with about $20 worth of materials that can hack a car's connectivity system to tamper with brakes, steering and more.
Javier Vazquez Vidal and Alberto Garcia Illera plan to showcase the device at the Black Hat Asia security conference in Singapore next month, Forbes reported.
"It can take five minutes or less to hook it up and then walk away," Vazquez Vidal, an automobile IT security consultant in Germany, told Forbes. "We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do."
The gadget works by hooking itself through wires to the car's Controller Area Network. Pulling power from the car's own electric system, the tiny device can issue wireless commands from a hacker's computer.
The researchers tested the device, which Forbes describes as about three-quarters the size of an iPhone, on four different models to see what commands would work from a distance.
Forbes reported that "their tricks ranged from mere mischief like switching off headlights, setting off alarms, and rolling windows up and down to accessing anti-lock brake or emergency brake systems that could potentially cause a sudden stop in traffic."
By next month's conference, Vazquez Vidal and Garcia Illera plan to have implemented cellular radio so the device can control a car from miles away. The tool currently uses Bluetooth, which only lets it attack from a radius of a few feet.
Depending on the model, the researchers sometimes needed to get under the car's hood or in the trunk to hook up the gadget, but other times simply had to crawl under the vehicle.
The researchers don't plan to release the hacking code they used; the project is simply to show carmakers that security is a serious issue when it comes to connected cars.
"A car is a mini network," Garcia Illera told Forbes. "And right now there's no security implemented."
Automakers have seemed reluctant to admit that putting wireless connection in cars and implementing self-driving technology both open the door for hackers. Many have raised privacy and safety concerns, including Massachusetts Sen. Edward Markey, who sent a letter to 20 automakers demanding they address the issues, and AAA, which recently called for a consumer data "Bill of Rights."