Imagine driving on the freeway at 60 mph and your car suddenly screeches to a halt, causing a pileup that injures dozens of people. Now imagine you had absolutely nothing to do with the accident because your car was taken over by hackers.
Charlie Miller, a security researcher at Twitter, and Chris Valasek, director of security intelligence at IOActive, a security research company, recently demonstrated car hacks at the Black Hat and DefCon computer security conferences in Las Vegas. The researchers completely disabled a driver’s ability to control a vehicle. No brakes. Distorted steering. All with a click of a button. While the demos were with hybrid cars, researchers warn that dozens of modern vehicles could be susceptible.
Hackers and security researchers are moving away from simply trying to break into – or protect – people’s email accounts, stealing credit cards and other dirty digital deeds. Now they’re exploring vulnerabilities to break through the high-tech security of homes, cause car accidents or in some extreme cases, kill people who use implanted medical devices.
Carmakers and the government are aware that our vehicles are vulnerable. In fact, Miller and Valasek received a grant from the Defense Advanced Research Projects Agency, or DARPA, to research ways carmakers can thwart attacks. The biggest fear is the future: as cars become more computerized - or become fully automated, computers on wheels that drive for you - they’ll become more inviting targets.
But the demonstrations by security experts and hackers weren’t a peek at what’s to come. The researchers hacked a Toyota Prius and Ford Escape, two hybrid cars that are already on the road.
Certainly, hackable cars are a troubling development for people who don’t even like to use cruise control.
Hackers could also turn our televisions and webcams against us, monitoring everything we’re saying and doing. Next-generation light bulbs that are connected to the Web could be tampered with. Digital refrigerators could be turned off, spoiling food without your knowledge.
Some hacks could be mere practical jokes, albeit messy ones. Researchers have warned that the Bluetooth-enabled INAX Satis model toilets, which can be controlled via a smartphone app, could easily be hacked to spray water up instead of down. In response to warnings that its toilets could be hacked, INAX said it issued a security update for its toilets this month.
And then, there are the usual smartphones fears. At BlackHat, Kevin McNamee, the director of Kindsight Security Labs, demonstrated how to take over an Android smartphone by injecting code through the game “Angry Birds.” Once he had control of the phone, McNamee was able to remove photos and personal data from the device without the owner having any clue.
Other researchers took over an iPhone by hacking a power adapter - yes, a little white power cord - to suck passwords and emails from a device that ran operating systems earlier than iOS 7.
So, should we dig holes in our yards, bury our computers and smartphones and never drive our cars again? Some researchers said many of these demonstrations were certainly provocative, but they were more theoretical than any sort of real risk we had to worry about today.
“Sometimes there is a gap between the researcher community and the real world. Researchers bridge this gap often, but it’s not uncommon to see conference talks on exotic technologies that don’t really impact our everyday lives just yet,” said Chris Rohlf, founder of Leaf Security Research, a security consulting company, in an interview. “As technology embeds itself into these everyday devices and other parts of our lives, you will see an increased focus on their security. Anywhere you find technology you’ll inevitably find hackers.”