Tech

This iPhone-sized device can hack a car in five minutes

Giuseppe Macri Tech Editor
Font Size:

Two security researchers have developed a handheld device capable of hacking a car’s computer and controlling every digital function down to steering and braking.

Javier Vazquez-Vidal and Alberto Garcia Illera from Spain plan to debut their device at the Black Hat Asia security conference in Singapore in March, and expose just how weak the cybersecurity is on manufacturer’s increasingly digitized automobiles.

“It can take five minutes or less to hook it up and then walk away,” Vidal told Forbes. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”

The $20 handheld device built entirely of commercially available parts hacks a car’s internal network to install malware that seizes control of everything from headlights and windows to serious real-time driving functions, like steering and braking.

Dubbed the CAN Hacking Tool, the small device physically connects to a car’s controller area network and receives wireless signals sent via bluetooth from a hacker’s computer, all the while being powered by the car’s own battery. The pair are working on an upgrade to let the device receive instructions from cellular signals miles away, which will be ready by conference time.

“A car is a mini network, and right now there’s no security implemented,” Illera said.

So far, the only defense auto manufacturers like Toyota have made against the device is that they require someone to physically access the car.

Beyond that several other methods have proven effective when hacking new cars, including directly plugging in a laptop, inserting a CD into the sound system, and even hacking in wirelessly through built-in cellular and bluetooth connectivity features.

“The goal isn’t to release our hacking tool to the public and say ‘take this and start hacking cars,’” Vidal said. “We want to reach the manufacturers and show them what can be done.”

Follow Giuseppe on Twitter

Tags : cars hacking
Giuseppe Macri