Hackers Reveal How They Could Steal Cars

Functions that Model S hackers were able to remotely control before Tesla issued software patches.

Hackers at Defcon 23 demonstrated the vulnerability of many vehicles to malicious computer attacks that could cripple a moving car or even hold one for ransom.

At last weekend's Defcon conference in Las Vegas, car hacking was one of the hot topics, with a Car Hacking village and hands-on classes in how to hack into a car’s onboard computers.

The revelation before the conference by security experts Marc Rogers and Kevin Mahaffey that they had successfully hacked a Tesla Model S — and Tesla's immediate over-the-air software patch in response that closed breach in the car's security systems — brought into relief the vulnerability of increasingly connected cars to malicious computer attacks.

At Defcon, Rogers and Mahaffey demonstrated how, after physically hacking into a colleague's Model S, they were able to remotely unlock the car’s doors, open the trunk, darken screens displaying speed and other information and kill the engine while the car was moving by issuing commands from an iPhone.

The fact that the Model S, the car that hackers regard as the best defended against malicious computer attacks, could be breached raises serious questions about mass-produced cars with less robust security, experts at the conference told The Hollywood Reporter.

"Tesla uses the word 'security' when they develop a vehicle, but most [manufacturers] don't," said Robert Leale, an expert on automotive computer security and organizer of Defcon's Car Hacking Village. "I think the OEMs are realizing they can't ignore the problem anymore. We're seeing the conversation happen but it should have happened 10 years ago."

At Defcon, legendary hacker and security consultant Samy Kamkar — his "Samy" computer worm forced MySpace to shut down temporarily in 2005 — gave a lecture forthrightly titled "Drive It Like You Hacked it: New Attacks and Tools to Wirelessly Steal Cars."
During his talk, Kamkar unveiled a home-built device he designed that intercepts the code transmitted by automobile key fobs, which automatically create a unique code each time the button to unlock the car is pressed — once this so-called rolling code is used it won't work again. Kamkar's device broadcasts a radio signal that jams the signal sent from the fob when the button is pressed and captures the code before it reaches the car. When the driver presses the button again, the fob creates a new code and the car unlocks. But since the code hijacked from the first button-press was never used, the car considers it a new, unique code that can be used to unlock the car when the owner is gone.
"This has been an issue now for 20 years," said Kamkar, who in July demonstrated how GM's OnStar smartphone app could be hacked with a homemade gizmo to unlock and remotely start OnStar-equipped vehicles. (GM has since patched the vulnerablity.)
Leale points out that despite these vulnerabilities, the odds of having your car hacked are small but growing. Last month, 1.4 million cars made by Fiat-Chrysler were recalled after cyber security consultants Chris Valasek and Charlie Miller demonstrated they could remotely control the brakes, transmission and other critical functions of a Jeep Cherokee through a flaw in its UConnect infotainment system.
"How many cars is that in the grand scheme of cars in the United States? Very small percentage," Leale said. "Why we won't see a big, major hack happen in the very near future is because all of these systems are so different — that hack didn't affect Ford or Mercedes or GM at all because they've all developed their own systems. But they're starting to integrate better to create one system and starting to put more of their eggs in one basket. And that's where you really need to erect better walls and create higher standards."
The financial incentive already exists for large- and small-scale car hacks. After Valasek and Miller revealed their Jeep Cherokee hack, Fiat Chrysler stock dropped by 2.5 percent — had they or a syndicate of investors shorted the stock ahead of time, they could have made millions.
Leale described a chilling hack based on so-called ransomware, which in its current form locks a computer's files and threatens to destroy them unless a ransom is paid. Uploaded to a car's computer — or in a worst-case-scenario, all of the cars using a common infotainment system — hackers could lock out owners until the ransom was paid.
"If you don't patch the system, somebody's going to do that," Leale says. "It will happen, that's 100 percent."