After journalist Michael Hastings‘s death, there were rumours that his car had been hacked. Now two researchers say they can do it for real
Mishap or cyber-mischief? (Image: Scott Lane/Loudlabs News)
IN THE early hours of 18 June, a Mercedes coupé travelling at extremely high speed along a Los Angeles street smashed into a palm tree. It exploded into flames, killing the driver; the impact ejected the engine 50 metres clear of the car. Was it an accident? Or was the car hacked, allowing it to be driven off the road by remote control?
The very idea might sound crazy – but it’s one that Richard Clarke, a former counterterrorism adviser to the US National Security Council, has raised after the driver was identified as Rolling Stone journalist Michael Hastings. Known for his revealing articles on the US military and its intelligence agencies, Hastings had emailed colleagues the day before he died to say that he was going “off the radar for a bit” to chase down a “big story”.
“What evidence is available publicly is consistent with a car cyberattack,” says Clarke in a Huffington Post interview. Intelligence agencies, he says, can remotely seize control of a car to make it accelerate wildly or brake suddenly, for instance.
Clarke cited research, carried out for the US National Academy of Sciences, showing that “connected cars” – equipped with built-in cellular technology used by dashboard apps and engine-monitoring software – can be hacked remotely. But proof that it could be done in practice has been lacking.
That looks set to change on 27 July, when Spanish engineers Javier Vázquez Vidal and Alberto Garcia Illera will give a demonstration at the Black Hat security conference in Las Vegas, Nevada. They have built a $25 device that lets them bypass security in a car’s electronic control unit.
The brains of a modern car, the ECU is a computer that controls engine power, transmission and braking. Mechanics can diagnose faults by plugging a laptop into it via standard wired connectors such as the CAN bus. Alternatively, remote diagnostics and software updates can take place over a cellular network, as happens with services such as General Motors’ OnStar and Mercedes-Benz‘s Mbrace.
Vázquez Vidal and Garcia Illera will show how their device – which they claim uses a $1 chip to break encryption – can read from and write data to the flash memory of commonly used ECUs, made by Bosch of Germany. In this way, they can get more horsepower out of a car, or tell it to burn less fuel. “And it would take no time to gain total control over a vehicle – deploying an airbag, activating the brakes, or immobilising a car at any moment,” says Vázquez Vidal.
How they have done this is unclear. “My best guess is that they have managed to put the ECU into an unencrypted test state, possibly by playing around with power-up sequences,” says Peter Highton, a senior engineer with Freescale Semiconductor in Aylesbury, UK, which makes ECU microchips for racing cars as well as ordinary vehicles.
For security, connected cars should use encryption, but Highton says carmakers are only just coming to terms with it. “Until as recently as five years ago, data on the CAN bus of most cars was unencrypted, and so could be intercepted and altered.”
Whatever the causes of Michael Hastings’s crash, the need to make cars secure against hacking will only become more acute. The next version of Vázquez Vidal and Garcia Illera’s device won’t even need plugging in to the target car. “I am already working on a wireless version,” Vázquez Vidal says.
“Reporter Assassinated?” was AMERICAN FREE PRESS’s Issue 27, page 1 story describing the mysterious “accident,” just before investigative journalist Michael Hastings was going to go underground to avoid government agents trying to silence him. There is new information uncovered by AFP’s investigators, however, that tells the chilling rest of the story about the latest weapons in the Obama administration’s war on journalists and whistleblowers, who have the courage to tell the truth.
Now, another brave whistleblower has come forth. He is Richard Alan Clarke, the former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, serving under Presidents Ronald Reagan, George H.W. Bush, Bill Clinton and George W. Bush.
Clarke confirmed AFP’s suspicions about Hastings’s “accident.”
According to Clarke, the car crash, which occurred on June 18, was “consistent with a car cyber attack.” There is reason to believe that intelligence agencies for major powers—including the U.S.—know how to remotely seize control of a car.
“What has been revealed as a result of some research at universities is that it’s relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn’t want acceleration, to throw on the brakes when the driver doesn’t want the brakes on, to launch an air bag. . . . You can do some really highly destructive things now, through hacking a car, and it’s not that hard. . . . So . . . I think whoever did it would probably get away with it,” Clarke said.
Some of the spooky ways the government can “get you” have been uncovered by AFP, but were first revealed by Dr. Kathleen Fisher, a program manager at the military’s Defense Advanced Research Projects Agency, who wrote recently:
Modern vehicles consist of between 30 and 100 embedded control units [ECUs], essentially small computers . . . designed to allow microcontrollers and devices to communicate with each other within a vehicle without a host computer. Researchers from [the University California, San Diego] and the University of Washington showed they could take over all of the functionality of the car that’s controlled by software. And in a modern automobile, that’s pretty much everything . . . breaks . . . acceleration . . . even the steering.
[There are] a variety of ways of [remotely controlling a target vehicle] without physically touching the car. These attacks involved infecting the computers and repair shops . . . or hacking into the blue tooth system, or using the cell phone network [or GPS, OnStar, etc.].
The most ingenious attack . . . used the stereo system in the car. The researchers were able to craft an electronic version of a song that played just fine in your household stereo system or on your personal computer. But when you put that on a CD and played it in the car CD player, it took over total control of your automobile. Yeah right—pretty scary, huh?
ECUs are the ubiquitous targets of Stuxnet, Flame and other computer malware designed by Israel and the U.S. to control and destroy vehicles, electric power plants, water and sewage systems, airplanes, drones—everything. Your only defense against Big Brother’s plots is courageous whistleblowers, journalists—and, in the words of Washington—Divine Providence.