Car-Hacking: Bluetooth and Other Security Issues
It's not time for full-on panic, but researchers have already successfully applied brakes remotely, listened in on conversations and more.
Mon, August 06, 2012
BMWs hacked via diagnostic port
Thefts of BMWs in the U.K. recently spiked as thieves discovered they could bypass the car's alarm system and immobilizers. Using devices that plug into the car's OBD port, thieves programmed blank key fobs and drove the stolen cars away.
Reports indicate that such thefts work similarly: The thieves first get into the vehicle, either by breaking a window or by using a nearby RF jammer -- which blocks the fob lock signal from reaching the car, so owners fail to secure their vehicle even when they think they have -- and then reach the car's OBD-II connector. Through it, the thief obtains the car's unique key fob digital ID, which lets him program a blank key fob on the spot, insert the key and steal the car.
In a statement by BMW's U.K. media relations manager, Gavin Ward, the company noted it is aware of and investigating the security loophole. The loophole affects all BMW series models, from the 1 to the X6.
"We liken this increase in connectivity to the desktop computing world before the Internet: Security vulnerabilities on disconnected machines suddenly became very important when computers were networked together," says Roesner. "There's even talk among auto manufacturers about creating app stores for cars. We're at the same point in the evolution of computerized automobiles."
Roesner works with other researchers to identify these issues with the goal of addressing them before they become major problems.
Studies conducted by Roesner and her colleagues show the OBD-II port to be the most significant automotive interface for hacking purposes. This port provides access to the vehicle's key controller area network (CAN) buses and can provide sufficient access to affect the full range of a vehicle's systems.
Alternatively, hackers may deliver malicious input by encoding it into a CD or a song file, which may "live" on an iPod or other MP3 player, or by installing software that attacks the car's media system when it connects to the Internet.
Currently, however, the Internet is only a hypothetical vulnerability, says Roesner. "In the case of the car that we examined, we used the malicious file on a CD to exploit a vulnerability in the radio."
"In our research, we showed that attackers with access to the car's network can completely control most of the car's computerized components," she says. This could allow an attacker to sabotage an automobile -- disable the brakes or lights, for instance. "But we also showed that attackers could use such exploits to perform espionage," Roesner explains. Examples include the ability to extract potentially sensitive GPS data from a system and send it outside of the vehicle to an attacker. Also, a car could be stolen if the hacker can override the car's computerized theft detection/prevention system.