A teenager has hacked into a car’s onboard computers and managed to control various internal systems.
The 14-year-old, who doesn’t even have a license, was able to activate the car’s remote start feature and control a variety of non-safety-related features including headlights, windshield wipers and the horn.
Thankfully nobody was hurt in the process. The boy, whose name is not being released, hacked the vehicle as part of the third annual Battelle CyberAuto Challenge – a five-day practicum-based camp designed to address cybersecurity in automobiles.
The event was attended by 31 students in total, ranging in age from high school to PhD students, as well as lawmakers and White House staff members.
Official procedure required participants to sit through a briefing before taking the help of on-hand experts before attempting the hack. But the whizz-kid in question declined expert help and decided to go it alone. That evening, he visited Radio Shack, bought $15-worth of parts, soldered them together and spent the night building his own circuit board.
The following day, he was able to wirelessly infiltrate the vehicle’s controller area network (CAN). He first demonstrated it by activating the car’s windshield wipers. He then unlocked and locked the doors remotely and activated the remote start feature.
He even managed to flash the car’s lights on and off in time to music on his iPhone.
Dr.Andrew Brown Jr., VP and Chief Technologist at Delphi Automotive, said: “There’s no way he should be able to do that… It was mind-blowing.”
Fortunately, the methods used by the boy limit him to toggling systems that would cause little more than a nuisance. Access to safety-critical systems – steering, brakes etc.) is a far trickier proposition, as would-be hackers need physical, rather than wireless, access to a vehicle.
Despite this, it reinforces the notion that car security systems aren’t quite as robust as many people might like them to be.
The findings from the CyberAuto Challenge were, thankfully, handed over to car makers so they can work on improving security measures.