Researchers will be presenting a paper at the IEEE security conference in Oakland next week that demonstrates various attacks against the computer systems in modern cars. These attacks allow someone to control a variety of systems, including the breaks, and even erase all evidence of the attacks. We know a lot about building safety critical systems, but we seem to also be good at ignoring the lessons.
Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car’s two internal subnets.
The paper is available here.
Media coverage can be read here.