August 20, 2013 • 32 mins
From predictive braking to satellite radio and automated parallel parking, modern cars have some amazing technology onboard. But could this increasing sophistication also make cars increasingly vulnerable to hackers? Tune in and learn more with Scott and Ben.
Learn more about your ad-choices at https://www.iheartpodcastnetwork.com
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Go behind the wheel, under the hood and beyond with
car stuff from how Stuff Works dot com. Hi, and
welcome to the podcast. I'm Scott Benjamin and I'm Ben Bulling.
And we've got a topic today that, Um, well you
suggested this one to me and at an interesting topic.
(00:23):
I think you probably know a lot more about this
than I do. Um, we're talking about car hacking today. Yeah, yeah,
we are. And we're not talking when we say hacking,
we're not saying it in that kind of pop culture
way when people are saying stuff like, you know, hacker
altroids ten and make it a new, neat crafty thing,
find a way to make your windshield wipers work better,
(00:45):
or something like that. Right, We're not talking about hacking
as in minor improvements or tweaks. We're talking about hacking
as in penetrating the system of a car to make
it do things against the will of the dry her,
any critical systems in your car, attacking those and then
and then somehow altering what they do with their function
(01:07):
is the way that they operate. Right, And it sounds
it sounds a little bit like it could be and
you know, the Bourne identity or maybe taken three if
that ever comes out. Way, did you ever see Taken? No,
this isn't becoming increasingly important to our podcast. I am
gonna buy the DVD of Taken. I'm going to give
it to you for your birthday. Fair enough, I'll watch
(01:28):
it if you give it to me. Okay, deal, and
everybody listening to hold us to it. Um, just because
all of my references to that film are falling flat.
So it taken at an action film? Whatever? Right? So
taking as an action film, just like James Bond Bourne
identity kind of stuff. Picture that That's what car hacking
sounds like, you know, as though some shadowy organization has
(01:50):
taken their top secret evil guys cell phone, typed in
a code, and all of a sudden, the heroine's camera
is in nine miles an hour. But what we wanted
to do in this podcast is talk about whether or
not there's any truth to that strange hypothetical situation, um,
(02:12):
and if so, how much of it is real, how
much of it is exaggerated? And what does it mean? Well,
I guess I mean, I've I've heard this kind of
thrown around quite a bit recently. Is that you know
they say that the more connected we are the more
vulnerable we are, right, I mean, it's supposedly we're talking well,
I mean obviously with the recent news about all the uh,
the leak information, the oh, like the N s A
(02:34):
stuff exactly, the N s A. I couldn't come up
with the acronym there, but the N s A stuff
that's been happening recently. Um, so, is it is it
true that you know, we're we're this open when we're
talking about really a cars and trucks. I mean, I
understand that, you know, devices that were potentially using for
a lot of personal information. Um, I understand that that's vulnerable.
How vulnerable are cars and trucks? Really? I mean it
(02:56):
just doesn't seem to make sense to me, Like, what's
what's the benefit of all that? Really? Yeah, and that's
a that's a great question. But I feel like that's
two questions at once. So let's tackle the first one,
the first part of it, which is how vulnerable are
cars and trucks? And then let's tackle the second part,
which is what's the benefit? Um maybe towards the end,
because that's a that's a little bit more more of
(03:18):
a difficult thing to crack. Well, first, when we talked
about the vulnerability of cars and trucks, modern vehicles that
we have to talk about e c u s or
electronic control units, and you know all about that. So
what what would that be the most basic level? Well, okay,
I mean that's that's pretty simple one. That's the endine
control unit. UM. Some people also call that the powertrain
(03:38):
control module, which is usually PCM is what they they
abbreviate that, but UM, and it's typically I mean that's
what you're gonna find in fuel injected engines. Uh So
anything from like the late nineteen seventies to early nineteen
maybe the early nineteen eighties through today. UM, a lot
of those cars are gonna be vulnerable versus like a
carbureted car which doesn't rely on an ECU for fuel
(04:00):
programming and that type of thing. You know, the multiple
sensors that that you know, send data back to this
this one processor, which is the e c U, and
it interprets all this data, uh that that it that
takes in and then it adjusts everything accordingly so that
your car operates in a smooth manner and has all
these parameters that it that it it's like a computer,
it's a small computer in your car, and there's there's
(04:22):
a lot of these, I mean most of them are
you know these uh, these these satellite sensors I guess
that send information back to these main control units. So
like the CU is one of the main control modules,
and then it's got a lot of sensors that that
send data back to it. Yeah, think of like nerves
talking to nerves in a limb talking to the brain exactly.
(04:42):
I mean, but it controls a lot of very important things.
I mean it will control like the air fuel ratio,
idle speed, UM. If your car is electronic valving, it
can control you know, when the valves open and close
UM or the rate at which they open and close UM,
ignition timing man you can you can set with with
e SEU. You can reset the revelements in the car.
The fuel efficiency can be kind of adjusted. We know
(05:05):
whether it runs rich or lean fuel mapping, gear selection.
Just all these different things are run through this one
control module. And then you know, you gotta remember that
there's there's many many control modules in the car. It's
not just that one. I mean there's a there's a
whole list of control modules and sensors of course, and
a lot of them are a lot of them are
sensors that people call, you know, um ECUs modules rather
(05:27):
well not e ceuse e c e see is one
specific thing. It's a lot of the sensors are a
specific purpose module, correct, and they and they send back
information to this main unit. But then there are other
other main units as well to control different things. So um,
you know, and it's nearly impossible to keep up with
every manufacturer and every module that they have, but cars
(05:49):
are being built with more and more, and that's probably
not a surprise to anybody, right, Yeah, there's one recent
estimate that suggests the typical luxury sedan contains over one
hundred mega bites of binary code spread across fifty to
seventy independent computers. That sounds terrifying. So it's also really convenient.
But as a backyard mechanic, right yeah, you know, the
(06:11):
reason that I don't like it that much is that
sounds like something you and I couldn't just fix at
your garage. That's definitely something you can't fix on your own.
There's not there's not enough duct tape correct for that.
But the the idea here that that you raised is
a really great and interesting point which is is this
increasing sophistication a double edged sword, has increasing the electronic
(06:36):
sophistication of our average daily drivers also increased our vulnerability
to sophisticated forms of hacking. And the answer, unfortunately is yes. Yeah.
And those hackers, that's that's what they do. They they
highlight or they they focus on those vulnerabilities and they
and they just make them into um an example, know,
(07:00):
they say like, here's what I can do. It isn't
that scary? And that's what they're doing right now. And
that's what we're seeing in a lot of these articles
and video clips online that we can watch that so
you know, show people doing different things with different cars
that you know that frightens people to say, like, oh
my gosh, somebody can can you know, prevent my car
from breaking if they want to? They can turn it
(07:20):
left at you know, a ninety degree angle if they
want um at will. That's scary stuff. But is that
really the reality? Is that really? What's is that what's happening?
Maybe we'll get into that later on, I guess, but
but first tell me, Ben, because you know a little
bit more about this, like who maybe somebody who would
do something like this is I mean, is it just
(07:41):
kind of the average car mechanic that's into this kind
of thing, or is it? And it's not really somebody
who's in the past been kind of a wrench turner,
you know that they would pick this thing up. I mean,
not that they can't, but it's more on the lines
of like a computer scientist or somebody who would be
interested in this, right, sure, yeah, absolutely, it's more someone
who would be interested in how to in the question
(08:03):
of how do we access and exploit that code? How
do we put a malicious program of some sort in there?
So it's, um, the person who's doing this is not
the same person who would just break a window and
take the your the face of your radio or something.
But um, not yet, not yet, at least unless it's
(08:23):
that simple. So oddly enough, these sorts of exploits of
vulnerabilities have been known to people who are interested for
some time now, and we know about it because we've
seen some studies, uh that I that I have here.
I'm the one with obsessive notes today. You've got a
(08:45):
pile of notes there. And we've also seen some demonstrations
by what are often called white hat hackers. So for
anyone not familiar with that terminology, Uh, there's they're off
in uh two categories of hackers that are broken down
to people. And I don't know how accurate this is.
(09:06):
They're white hat hackers who are sort of the good guys.
And the white hat hackers will um find a vulnerability
in a system, you know, like how do you how
do you get somebody's personal information or credit card information
out of maybe using Amazon once or twice, and they
find that way out. But the reason they do that
(09:27):
is to show it to Amazon or show it to
authorities and say, this is what happens, here's the problem,
fix it so that they can kind of ensure the
safety and shore up the security now, so they don't
do it for their own benefit, right and and black
hat hackers, of course would be the people who are
a bit more mercenary about it. So this our story here,
(09:49):
the reason this has come up in the news recently,
two guys that we can go ahead and call white
hat hackers, Charlie Miller and Chris Valisek, did a DARPA
funded study. Now we remember DARPA, right of course. Yeah,
they're the uh they're the mad science Department of the
United States Government. Sure. Yeah, but they do all kinds
of really cool projects. I mean, they had the the
(10:11):
ex prize. Is that the exprise is that I think
it's something different. That's the that's the space race fore Okay,
I'm sorry, I was thinking of something different. But they
also had the the autonomous car challenge that they did.
Um they've got that creepy looking walking robot, um you know,
the one that looks like a weird dog or something. Yeah. Yeah, man,
They've got a lot of cool toys and a lot
of They do a lot of interesting projects in that
(10:33):
arm right, and they are one of the groups that
has been instrumental in the move toward autonomous vehicles. They
also funded um Miller and baalisc As. These gentlemen conducted
an experiment to see if it was possible to hack
a car and if so, how to hack a car
(10:54):
and spoiler alert, they succeeded. There's actually a video you
can watch right now UM online with these gentlemen demonstrating
the car hacks. And that was what I was mentioning
when when it looks a little bit terrifying, and you know,
he said that, you know, they can control the brakes
they can control, you know, whether the vehicle turns left
(11:14):
or right. And um, these guys were sitting in the
back seat where where the journalist was driving, and you
know they said they weren't gonna put themselves in him
in any danger supposedly, right, But they were in kind
of an open field area back a lot somewhere, and uh,
you know, they would just kind of mess with the systems,
like you know, ahead and drive straightforward and uh, they
would tell the vehicle that, uh to display that you know,
(11:37):
they're traveling one. And they did that and it changed
to that, and then they switched it back down to
I don't know five or one or something, which caused
the seat belts to tighten up because it thought that
you know, it had instantly gone from one to one
mile an hour. Um, so you know, the seat belts
tightened up. And then they did that intentionally, they tightened
up the seat belts on him. Um. It was kind
of a jerking, you know, fast motion. It was kind
(11:58):
of scary to watch. The pretty engineer is firing. Um.
Then you know, then they shifted the car into different
gears and they made the horn go off, you know
for an extended period of time. Is nothing he could
do to stop it, um, all kinds of different things.
I mean, it was just and they could steer the
car from the back seat, which is the use of
a keyboard. Yeah, And I think the scariest part is
for me, one of the scariest parts was either seeing
(12:20):
the steering wheel move apparently of its own volition, or
seeing him hit the brakes without doing anything, because anybody
who has ever had a brake line problem knows that
it is terrifying when the brake pedal just goes down
and does nothing. Absolutely, absolutely, but they were they were
also you know, one thing we need to point out
is that they were in the vehicle and they were
(12:42):
plugged into a communication port. Right, they were plugged into
a data port. And this is I'm glad you said
the Scott because this is something that is crucial to
the argument here. They did not have what we would
call a wireless hack. They had physical access to the
two cars us that they reverse engineered. Those two cars
were two thousand nine Toyota Prius and Afford Escape, which
(13:05):
I believe was also a No. Nine. And with these vehicles,
what they had done is they had taken the software
of the e c U, and they had found they
had written their own software too in to inject within
this system via a physical connection. And when they were
doing this, they were able to sit there with their
(13:28):
computers plugged in and manipulate the car that way. And
so Toyota responded to this. Just for the record, Toyota
said that they didn't really consider this hacking because of
that that huge catch, because of the physical connection, right,
because the physical connection, So we don't in this case,
we don't really have some sort of action movie scenario
(13:51):
where you know, doctor No or whatever is steering somebody
gleefully on his cell phone that's sitting sitting on a
hillside watching them approach a tight corner, you know where
the cliff, you know, on the edge, and and and
you know, suddenly the steering and the brakes go out.
Nothing like that. This is like these guys are in
the back of the car, plugged in, saying okay, just
for a second, I'm gonna I'm gonna take the breaking
(14:13):
ability away, and then and then reinstated, you know, allowed
to happen again, because you know, I don't want to
hurt myself either. But the real fear The real threat,
I guess would be if there was a wireless attack
on a car, if somebody were able to somehow wirelessly
hack into the systems. And that's what Toyota was careful
about saying, is that we we specifically, you know, tell
(14:33):
our engineers to protect these cars against wireless attacks. You
know that they're not able to be controlled remotely in
any way. Um, And that was that was the distinction
that they said, is that, you know, it's it's a
very important distinction to make that you know, these these
cars right now can't be wirelessly attacked. I mean not
to say that it won't happen in the near future,
that they can't. You know that, you know, because it's
(14:54):
a cat and mouse game, you know, the way the
engineers developed products and then the hackers try to to
hack those products. Well, I've got some news to lay
on you now, but I promise you that all of
our cars are okay, are probably okay, all of our
cars are okay, Astra, and we'll get to the straight. Yeah,
there's a reason that Miller and Balisac did not try
(15:17):
to do wireless or remote access. The hack. Well, a
team of researchers at University Washington, University of California, and
San Diego already found that they could wirelessly penetrate some
of the same critical systems that these guys targeted that
Miller and val Sac targeted. And the way that they
did this relied on a couple of different things. They
(15:40):
looked at some Bluetooth bugs, some UH Android apps that's
Android software, seeing if they could establish a cellular connection,
kind of rogue mimicking on Star, and even seeing if
they could put it a malicious MP three file on
a CD. And this stuff was all, you know, theoretical
(16:02):
proof of concept POC stuff. But from what they found
on their papers here, they constructed a couple of challenging
and scary, frankly scary scenarios if they could happen. So
we'll just talk briefly about these scenarios, but before we
do remote hack. Is it possible? Is it possible? Here's
(16:25):
the strange thing. So according to these UH these papers
that we mentioned earlier, from UH this, it is theoretically
possible for someone to remotely hack a car. What you
can look for if you want to read more about
these studies would be two that we can recommend. That's
Experimental security analysis of a modern automobile. I know it's
(16:50):
a racy title, right, that's pretty long. Yeah. And then
there's Comprehensive Experimental Analyzes of Automotive attacks surfaces. That's far better. Yeah,
it rolls off the tongue. Yet. So in these, in
these they found a couple of different things. First, they
said that in their introductions they say the same thing
we did. Like all of the network hacks for cars
(17:14):
control the at control area networker can access hacks have
require prior physical access UM, So it was no open
question if automobiles could be susceptible to remote compromise. In
the comprehensive experimental analyzes, this is one that found exploitation
is feasible via a broad range of what they call
(17:36):
attack vectors. Says the CD players, that's the bluetooth, the
cell cellular radio, that's even mechanical tools in case you
have an evil genius mechanics, what about keys? Because there's
a there's a current UK court case going on um
in this date society, some of these these articles are
right up to this day, I mean late July early
August UM where in the United Kingdom and judges ruled
(17:59):
that three computer scientists may not publish a paper UH
that contains or describes how a weakness in a cryptographic
algorithm UH can identify ignition keys in certain vehicles and
those those vehicles are Volkswagen vehicles. Um, there's a there's
a weakness there that includes the course Porsche, Audi, Bentley, Lamborghini,
and of course VW proper um and VW says that
(18:21):
the information can be used to steal their cars. And
the way that they're coming back with this is the
researchers of the hackers, I guess are saying, Um, this
computer scientists. I don't know what to call them. I guess,
um they're coming back. And then they're claiming that, you know,
if if the info is all the simple information is
available online and that they told the company about the
(18:42):
problem nine months prior to this, but nothing was done.
So there's the security flaw in well, potential security flaw
in millions of Volkswagen products at this point. Um, you know,
via the signition key situation that you know, hackers may
be able to you know, um, over I had you know,
car mobilizer systems and be able to drive away with
(19:03):
cars with the the wrong key and I don't know,
if you know, maybe that's not the case. Maybe they'll
be able to just get into the vehicles because they're
what they're doing is able to They're able to take
the information from the key, and I would assume they'll
be able to do make a dummy key that would
work right right, Yeah, that's that's the idea. And what
what's being um banned from public discussion in that in
(19:25):
that paper is the method that the researchers, the computer
scientists themselves used to access that. And I gotta say, honestly,
it's a difficult thing to tackle from bw is and
because this is, uh, this is a computer thing. But
it's not like it's not like the company can issue
(19:47):
a fleetwide patch. No, this is I mean, like I said,
this could be potentially millions of volk Flagon products. And
I don't think that they're probably the only one that's
vulnerable or something like this. I would think that there's
got to be gap somewhere in other automakers security. It's
just you know, if if somebody works hard enough, they're
gonna be able to exploit that area. That's that's a
(20:07):
weakness there that they see as a weakness and somehow
make that work for them. And that's that's really what
the heart of all this is that attackers find that
one weakness, that one loophole, that one little opening, and
then they just exposed that. Right. And when we were
covering this, when we start looking at this, it's strange
when you think about that side of it, because you
(20:28):
don't want as a car owner or a car manufacturer,
you don't want that knowledge out in the either. You
know absolutely, how can you protect yourself against something like that?
And that's really the mission that Charlie Miller and Chris
Valiseek we're going on. They're both directors or security engineers.
(20:52):
Valise I could think is a director of security at
a place called IOActive. And they went with the knowledge
that they gained. They're the guys did the escape and
the prius. Of course, they went to a hacking convention
pretty much a hacking convention called def con Um and
that was in that was this month as we're recording
this August of Oh and excuse me, I think their
(21:14):
test cars were two thousand, ten four to Escape and
Toyota Prius a little more modern, a little more modern,
but the idea here is that by demonstrating what could happen,
we can better prepare in the future for those kind
of exploits. So again, they're white hat hackers and that
they're they're saying like, here's here's what we've been able
(21:34):
to do. What are you gonna do to fix this
because here's the here the weaknesses that we found, now
fix them, right, And they really are hacking. We said
they were accessing the e c US for each car's features,
but what they're really accessing is they're they're kind of
they're swindling. Occurs. Their bait and switch of programming occurs
at the the can so the central access network, the
(21:58):
car access network, so they use they can bus, right, Yeah,
the can bus is really the communications system. That are
the way that the vehicle communicates from module to module.
That's the system that it operates on. So that's the
way modules control I can can talk to each other.
Right and they interrupt that, Yeah, they interrupted and insert
their own code. Now they also um, just so we
(22:21):
can get this out here. These are also not just
interested parties who were you know, they're not they're not
new to this at all. As what I'm saying, there's
there's a heck of learning curve. The only way that
these guys were able to do this is because they
are um well intentioned, I would say, beneficial, um brilliant men.
And when they built off of this earlier research or
(22:45):
in comparison to some of this earlier research, what what
we have learned then is that it's quite possible that
this technology has already existed for time and in some form.
You know, like I wouldn't you sup not to sounding conspiratorial, Scott,
but I wouldn't be surprised if this was something that
DARPA already kind of knew about. I. You know, I
(23:09):
kind of get the same feeling. And of course, you know,
this is a government funded study that we talked about,
but I have the same feeling that if we know this,
then how far advanced are they? Because they don't tell
us what they really know? And everybody knows that. I
know what you're saying. You know, it sounds a little conspiratorial,
but but really they're not going to release what they know.
Right now. We're kind of behind the curve on this,
(23:30):
you know, it's it's it's something that you know, we
know that they're a little bit more advanced than what
we know already. In fact, they're probably a lot more advanced.
Can I can I mention one thing though you said
that you know this has kind of already been out there.
I I initially when I when I thought about this,
when you mentioned this as a topic, right away, my
my thoughts went to GM's on Star program. Yeah, and
(23:50):
it's good that you mentioned that. And I have a
question for you because now I mean, is that is
GM's on Star system really considered like a hacking system
because hack because car owners pay extra for that. They
know it's there. GM designs it to do exactly what
it what it does, They know everything that it can do.
But I think there's some surprises along the way, and
(24:11):
that you know, I've seen some video of like a
police chase that was ended via on Star. You know,
they they simply contacted on Star and said, you know,
shut down the shutdown the fuel system. And I don't
know if they they actually pulled the vehicle off to
the curb or not, but that the vehicle came rolled
to a stop, the doors were locked to keep the
suspects suspects in the car that they were chasing. I mean,
(24:34):
it seems like, I mean, it can be used for
good purposes like that. But I don't know if GMS
on Star system would be considered a system that that
is a hack. Really, I don't. I don't think so.
I don't think so, because what this goes back to
some of the stuff that we have talked about when
we talked about autonomous cars or the idea of having
(24:54):
some sort of infrastructure, right, something else in control, right,
a sky net for car for all the terminator fans
out there, and an on Star is sort of you know,
sci fi drama side, it is sort of the sky
net for those enabled cars. And I don't think it's
a hack because the hack implies that there is something
(25:17):
a little d I Y do it yourself or um,
something away from the original purpose. I totally agree. But
then there's those little things you know, that they're able
to do in addition to and it's not I'm not
saying that they're hacking their own system, but I'm saying
that they're activating different things that that people may not
know are there. They're hidden systems, they're hidden technologies. They're
(25:39):
they're able to able to do things that maybe you
know if you had read the fine print on the contract,
maybe you would have had a hint at it and
had to really think, like, what does this really mean
to me? Most people don't read all that fine print.
But but I bet that those those suspects were in
that high speed chase, we're surprised when suddenly, you know,
the vehicle stops and the door and the doors lock
(26:01):
on there by themselves, and the windows won't come down,
and you know you're trapped in the vehicle. That is
that is uh and it's all being done via satellite. Yeah. Okay, Well,
now that you're saying that, I'm I'm getting a little
bit freaked out. Not that I was planning to steal
the car, okay, and just and just you know, a
couple more quick things that I had because you know,
I'm kind of the I'm riding along on this episode.
(26:21):
You know, I'm I'm learning from you on this. But um,
as far as evil, you know, using it for good,
I understand that you know, these guys, these white hat hackers,
they they're able to, you know, tell people what's wrong
and and please fix this because there's a security issue,
there's a safety issue. Whatever um being used for evil,
I can I can completely see that in that, you know,
(26:42):
as far as like car theft obviously things like that.
You know, like it's maybe easy to unlock someone's car doors,
you know, like to with the key replication thing, to
be able to access a vehicle, to be able to
steal a vehicle or even maybe just steal what's inside
the vehicle. Yeah, it seems like a lot of work.
I understand if you have some kind of key cloner,
sure that can uh compromise security wireless entry, But it
(27:05):
does seem like a lot of work to just steal
a car. But but I guess a lot of people
will instantly think like, Okay, if somebody's accessing the systems
in my car. They're not really they're not thinking that way.
They're probably thinking, man, what if what if I'm driving
down the road and someone takes control of my car
and steers me into that wall over there? And I know,
it's it's kind of a silly thought because really, I mean,
how many how many of us are really wanted or
(27:27):
or you know, um or on the run that way
that you know somebody would want to do that to
us or or you know, and it would have to
look like a car accident. Yeah, I guess so. I mean,
I mean, you know, trying to kill somebody or to
to quote send a message to somebody, you know, like
in the movies, you know, like a like a like
a mob hit or something. It's not quite like that.
And and but that's what you know, initially people think
(27:49):
of that, and it's not really that way. It's it's sure,
it's dangerous because you know what we've seen that they
can control steering and breaking and all that. But um,
but really, I mean it's not it's not anything like
what we think. It's probably used for theft more than anything. Yeah.
So that's that's a good point because it's it's easy
to start to go down that path and think, oh,
(28:11):
now every car accident is suspicious or's something like that,
you know, and I don't know, um, I don't know
how accurate that could be. Because we have to keep
in mind that these hacks that are being demonstrated, our
hacks that have been researched by experts for months or
even years, and the tools that they have come up with,
the software that they have created, works under closely controlled conditions.
(28:36):
Because that's the nature of science, we have to have
an understanding of as many variables as possible and control
over those variables. UM. The way I think it was
Charlie Miller who said this, the way that they phrased
it was we're addressing something that's not a problem yet,
but we think it could be in some in some time,
you know, and one of those sort of ominous sooner
(28:58):
than you think things. So in conclusion, what I can
say with this is that, UM, is that guess it
is possible to hack uh parts of cars? Yes to it. Agree,
it is true that the increasing electronic sophistication of vehicles
does make them increasingly vulnerable to electronic means of compromise.
(29:20):
But with all that being said, UM, the technology and
expertise required to access a car this way is far
from widespread at this point. So as far as like
you know, a driver preventing a car hack, um, it's
not necessarily something you need to worry about right now.
I mean, they're safety concerns, you know, the ways that
(29:40):
you can protect yourself versus somebody coining your keys. Obviously
you don't maintain control your keys at all times and
make sure that there's no one kind of wandering around
with some type of code reader or something as you're
as you're entering your vehicle. I don't know. I mean
that seems a little tougher to to to guard yourself against.
But you don't really need to do anything right now
to prevent a car hack from happen. You don't need
to buy lead shields for you. You don't need to,
(30:03):
you know, beef up the security on your car in
any way to to you know, the the electronics security
in your car um more than you normally would. It's
not something that you have to actively pursue at this point, right,
I've got some Yeah, I've got some great advice here.
Two pieces of advice. First, don't let your hacker friends,
no matter how well intentioned they might seem, spend ten
(30:25):
months teakering with your car and installing data porch. That is,
that's at least the yellow flag. That's very good advice,
thank you. And And secondly, if you're feeling if for
some reason you do feel really paranoid, we we hope
this podcast hasn't made you paranoid, but if you do
feel that way, then UM, ask yourself if you really
need to have enabled Bluetooth access to your car, maybe
(30:48):
you could just call them when you get to wherever
you're going, fair enough. And uh. On that note, I
think there's an interesting thing. I'd like to return to
it in the future to see what happens. But um,
I mean, realistically, it's enough and we need to worry
about right now. Yeah, realistically, there's nothing you need to
worry about unless you are a secret agent being hunted
by other secret agents. I I don't know, or unless
(31:10):
you like personally prank called DARPA constantly and they're gonna message.
I feel kind of the same way. I don't. I
don't feel threatened by this very much. No, no, I
I don't think. I don't think it's a threatening thing yet.
But I think that the people, the researchers, the computer scientists,
who are showing us the possibilities here. I commend their
(31:34):
actions because they are because they are acts of charity,
and it's stuff that the stuff that people should know.
And of course I've got the number one silver bullet advice.
What's how to prevent these kind of car hacks? What's
that by a classic car? Fair enough you have no
electronics involved and uh, and your your hack free, I
guess right. Finally, you have an excuse to get that
fifty chef that fifties chevy right exactly. Um, all right,
(31:57):
So that's it. We hope you guys enjoyed this up.
So we are going to foul out bracefully to our
hopefully unhacked cars. You can drop us line, let us
know what you think about car hacking. Let us know
what you would like to hear in the future. You
can color at us on Facebook. You can talk to
us on Twitter. I guess you can teach us on Twitter,
(32:19):
or if you'd like to cut out the social media
rigamarole altogether, you can send us an email at car
stuff at Discovery dot com. Well for more on this
and thousands of other topics, this is how stuff works
dot com. Let us know what you think. Send an
email to podcast at how stuff works dot com.
Go behind the wheel, under the hood and beyond with
car stuff from how Stuff Works dot com. Hi, and
welcome to the podcast. I'm Scott Benjamin and I'm Ben Bulling.
And we've got a topic today that, Um, well you
suggested this one to me and at an interesting topic.
(00:23):
I think you probably know a lot more about this
than I do. Um, we're talking about car hacking today. Yeah, yeah,
we are. And we're not talking when we say hacking,
we're not saying it in that kind of pop culture
way when people are saying stuff like, you know, hacker
altroids ten and make it a new, neat crafty thing,
find a way to make your windshield wipers work better,
(00:45):
or something like that. Right, We're not talking about hacking
as in minor improvements or tweaks. We're talking about hacking
as in penetrating the system of a car to make
it do things against the will of the dry her,
any critical systems in your car, attacking those and then
and then somehow altering what they do with their function
(01:07):
is the way that they operate. Right, And it sounds
it sounds a little bit like it could be and
you know, the Bourne identity or maybe taken three if
that ever comes out. Way, did you ever see Taken? No,
this isn't becoming increasingly important to our podcast. I am
gonna buy the DVD of Taken. I'm going to give
it to you for your birthday. Fair enough, I'll watch
(01:28):
it if you give it to me. Okay, deal, and
everybody listening to hold us to it. Um, just because
all of my references to that film are falling flat.
So it taken at an action film? Whatever? Right? So
taking as an action film, just like James Bond Bourne
identity kind of stuff. Picture that That's what car hacking
sounds like, you know, as though some shadowy organization has
(01:50):
taken their top secret evil guys cell phone, typed in
a code, and all of a sudden, the heroine's camera
is in nine miles an hour. But what we wanted
to do in this podcast is talk about whether or
not there's any truth to that strange hypothetical situation, um,
(02:12):
and if so, how much of it is real, how
much of it is exaggerated? And what does it mean? Well,
I guess I mean, I've I've heard this kind of
thrown around quite a bit recently. Is that you know
they say that the more connected we are the more
vulnerable we are, right, I mean, it's supposedly we're talking well,
I mean obviously with the recent news about all the uh,
the leak information, the oh, like the N s A
(02:34):
stuff exactly, the N s A. I couldn't come up
with the acronym there, but the N s A stuff
that's been happening recently. Um, so, is it is it
true that you know, we're we're this open when we're
talking about really a cars and trucks. I mean, I
understand that, you know, devices that were potentially using for
a lot of personal information. Um, I understand that that's vulnerable.
How vulnerable are cars and trucks? Really? I mean it
(02:56):
just doesn't seem to make sense to me, Like, what's
what's the benefit of all that? Really? Yeah, and that's
a that's a great question. But I feel like that's
two questions at once. So let's tackle the first one,
the first part of it, which is how vulnerable are
cars and trucks? And then let's tackle the second part,
which is what's the benefit? Um maybe towards the end,
because that's a that's a little bit more more of
(03:18):
a difficult thing to crack. Well, first, when we talked
about the vulnerability of cars and trucks, modern vehicles that
we have to talk about e c u s or
electronic control units, and you know all about that. So
what what would that be the most basic level? Well, okay,
I mean that's that's pretty simple one. That's the endine
control unit. UM. Some people also call that the powertrain
(03:38):
control module, which is usually PCM is what they they
abbreviate that, but UM, and it's typically I mean that's
what you're gonna find in fuel injected engines. Uh So
anything from like the late nineteen seventies to early nineteen
maybe the early nineteen eighties through today. UM, a lot
of those cars are gonna be vulnerable versus like a
carbureted car which doesn't rely on an ECU for fuel
(04:00):
programming and that type of thing. You know, the multiple
sensors that that you know, send data back to this
this one processor, which is the e c U, and
it interprets all this data, uh that that it that
takes in and then it adjusts everything accordingly so that
your car operates in a smooth manner and has all
these parameters that it that it it's like a computer,
it's a small computer in your car, and there's there's
(04:22):
a lot of these, I mean most of them are
you know these uh, these these satellite sensors I guess
that send information back to these main control units. So
like the CU is one of the main control modules,
and then it's got a lot of sensors that that
send data back to it. Yeah, think of like nerves
talking to nerves in a limb talking to the brain exactly.
(04:42):
I mean, but it controls a lot of very important things.
I mean it will control like the air fuel ratio,
idle speed, UM. If your car is electronic valving, it
can control you know, when the valves open and close
UM or the rate at which they open and close UM,
ignition timing man you can you can set with with
e SEU. You can reset the revelements in the car.
The fuel efficiency can be kind of adjusted. We know
(05:05):
whether it runs rich or lean fuel mapping, gear selection.
Just all these different things are run through this one
control module. And then you know, you gotta remember that
there's there's many many control modules in the car. It's
not just that one. I mean there's a there's a
whole list of control modules and sensors of course, and
a lot of them are a lot of them are
sensors that people call, you know, um ECUs modules rather
(05:27):
well not e ceuse e c e see is one
specific thing. It's a lot of the sensors are a
specific purpose module, correct, and they and they send back
information to this main unit. But then there are other
other main units as well to control different things. So um,
you know, and it's nearly impossible to keep up with
every manufacturer and every module that they have, but cars
(05:49):
are being built with more and more, and that's probably
not a surprise to anybody, right, Yeah, there's one recent
estimate that suggests the typical luxury sedan contains over one
hundred mega bites of binary code spread across fifty to
seventy independent computers. That sounds terrifying. So it's also really convenient.
But as a backyard mechanic, right yeah, you know, the
(06:11):
reason that I don't like it that much is that
sounds like something you and I couldn't just fix at
your garage. That's definitely something you can't fix on your own.
There's not there's not enough duct tape correct for that.
But the the idea here that that you raised is
a really great and interesting point which is is this
increasing sophistication a double edged sword, has increasing the electronic
(06:36):
sophistication of our average daily drivers also increased our vulnerability
to sophisticated forms of hacking. And the answer, unfortunately is yes. Yeah.
And those hackers, that's that's what they do. They they
highlight or they they focus on those vulnerabilities and they
and they just make them into um an example, know,
(07:00):
they say like, here's what I can do. It isn't
that scary? And that's what they're doing right now. And
that's what we're seeing in a lot of these articles
and video clips online that we can watch that so
you know, show people doing different things with different cars
that you know that frightens people to say, like, oh
my gosh, somebody can can you know, prevent my car
from breaking if they want to? They can turn it
(07:20):
left at you know, a ninety degree angle if they
want um at will. That's scary stuff. But is that
really the reality? Is that really? What's is that what's happening?
Maybe we'll get into that later on, I guess, but
but first tell me, Ben, because you know a little
bit more about this, like who maybe somebody who would
do something like this is I mean, is it just
(07:41):
kind of the average car mechanic that's into this kind
of thing, or is it? And it's not really somebody
who's in the past been kind of a wrench turner,
you know that they would pick this thing up. I mean,
not that they can't, but it's more on the lines
of like a computer scientist or somebody who would be
interested in this, right, sure, yeah, absolutely, it's more someone
who would be interested in how to in the question
(08:03):
of how do we access and exploit that code? How
do we put a malicious program of some sort in there?
So it's, um, the person who's doing this is not
the same person who would just break a window and
take the your the face of your radio or something.
But um, not yet, not yet, at least unless it's
(08:23):
that simple. So oddly enough, these sorts of exploits of
vulnerabilities have been known to people who are interested for
some time now, and we know about it because we've
seen some studies, uh that I that I have here.
I'm the one with obsessive notes today. You've got a
(08:45):
pile of notes there. And we've also seen some demonstrations
by what are often called white hat hackers. So for
anyone not familiar with that terminology, Uh, there's they're off
in uh two categories of hackers that are broken down
to people. And I don't know how accurate this is.
(09:06):
They're white hat hackers who are sort of the good guys.
And the white hat hackers will um find a vulnerability
in a system, you know, like how do you how
do you get somebody's personal information or credit card information
out of maybe using Amazon once or twice, and they
find that way out. But the reason they do that
(09:27):
is to show it to Amazon or show it to
authorities and say, this is what happens, here's the problem,
fix it so that they can kind of ensure the
safety and shore up the security now, so they don't
do it for their own benefit, right and and black
hat hackers, of course would be the people who are
a bit more mercenary about it. So this our story here,
(09:49):
the reason this has come up in the news recently,
two guys that we can go ahead and call white
hat hackers, Charlie Miller and Chris Valisek, did a DARPA
funded study. Now we remember DARPA, right of course. Yeah,
they're the uh they're the mad science Department of the
United States Government. Sure. Yeah, but they do all kinds
of really cool projects. I mean, they had the the
(10:11):
ex prize. Is that the exprise is that I think
it's something different. That's the that's the space race fore Okay,
I'm sorry, I was thinking of something different. But they
also had the the autonomous car challenge that they did.
Um they've got that creepy looking walking robot, um you know,
the one that looks like a weird dog or something. Yeah. Yeah, man,
They've got a lot of cool toys and a lot
of They do a lot of interesting projects in that
(10:33):
arm right, and they are one of the groups that
has been instrumental in the move toward autonomous vehicles. They
also funded um Miller and baalisc As. These gentlemen conducted
an experiment to see if it was possible to hack
a car and if so, how to hack a car
(10:54):
and spoiler alert, they succeeded. There's actually a video you
can watch right now UM online with these gentlemen demonstrating
the car hacks. And that was what I was mentioning
when when it looks a little bit terrifying, and you know,
he said that, you know, they can control the brakes
they can control, you know, whether the vehicle turns left
(11:14):
or right. And um, these guys were sitting in the
back seat where where the journalist was driving, and you
know they said they weren't gonna put themselves in him
in any danger supposedly, right, But they were in kind
of an open field area back a lot somewhere, and uh,
you know, they would just kind of mess with the systems,
like you know, ahead and drive straightforward and uh, they
would tell the vehicle that, uh to display that you know,
(11:37):
they're traveling one. And they did that and it changed
to that, and then they switched it back down to
I don't know five or one or something, which caused
the seat belts to tighten up because it thought that
you know, it had instantly gone from one to one
mile an hour. Um, so you know, the seat belts
tightened up. And then they did that intentionally, they tightened
up the seat belts on him. Um. It was kind
of a jerking, you know, fast motion. It was kind
(11:58):
of scary to watch. The pretty engineer is firing. Um.
Then you know, then they shifted the car into different
gears and they made the horn go off, you know
for an extended period of time. Is nothing he could
do to stop it, um, all kinds of different things.
I mean, it was just and they could steer the
car from the back seat, which is the use of
a keyboard. Yeah, And I think the scariest part is
for me, one of the scariest parts was either seeing
(12:20):
the steering wheel move apparently of its own volition, or
seeing him hit the brakes without doing anything, because anybody
who has ever had a brake line problem knows that
it is terrifying when the brake pedal just goes down
and does nothing. Absolutely, absolutely, but they were they were
also you know, one thing we need to point out
is that they were in the vehicle and they were
(12:42):
plugged into a communication port. Right, they were plugged into
a data port. And this is I'm glad you said
the Scott because this is something that is crucial to
the argument here. They did not have what we would
call a wireless hack. They had physical access to the
two cars us that they reverse engineered. Those two cars
were two thousand nine Toyota Prius and Afford Escape, which
(13:05):
I believe was also a No. Nine. And with these vehicles,
what they had done is they had taken the software
of the e c U, and they had found they
had written their own software too in to inject within
this system via a physical connection. And when they were
doing this, they were able to sit there with their
(13:28):
computers plugged in and manipulate the car that way. And
so Toyota responded to this. Just for the record, Toyota
said that they didn't really consider this hacking because of
that that huge catch, because of the physical connection, right,
because the physical connection, So we don't in this case,
we don't really have some sort of action movie scenario
(13:51):
where you know, doctor No or whatever is steering somebody
gleefully on his cell phone that's sitting sitting on a
hillside watching them approach a tight corner, you know where
the cliff, you know, on the edge, and and and
you know, suddenly the steering and the brakes go out.
Nothing like that. This is like these guys are in
the back of the car, plugged in, saying okay, just
for a second, I'm gonna I'm gonna take the breaking
(14:13):
ability away, and then and then reinstated, you know, allowed
to happen again, because you know, I don't want to
hurt myself either. But the real fear The real threat,
I guess would be if there was a wireless attack
on a car, if somebody were able to somehow wirelessly
hack into the systems. And that's what Toyota was careful
about saying, is that we we specifically, you know, tell
(14:33):
our engineers to protect these cars against wireless attacks. You
know that they're not able to be controlled remotely in
any way. Um, And that was that was the distinction
that they said, is that, you know, it's it's a
very important distinction to make that you know, these these
cars right now can't be wirelessly attacked. I mean not
to say that it won't happen in the near future,
that they can't. You know that, you know, because it's
(14:54):
a cat and mouse game, you know, the way the
engineers developed products and then the hackers try to to
hack those products. Well, I've got some news to lay
on you now, but I promise you that all of
our cars are okay, are probably okay, all of our
cars are okay, Astra, and we'll get to the straight. Yeah,
there's a reason that Miller and Balisac did not try
(15:17):
to do wireless or remote access. The hack. Well, a
team of researchers at University Washington, University of California, and
San Diego already found that they could wirelessly penetrate some
of the same critical systems that these guys targeted that
Miller and val Sac targeted. And the way that they
did this relied on a couple of different things. They
(15:40):
looked at some Bluetooth bugs, some UH Android apps that's
Android software, seeing if they could establish a cellular connection,
kind of rogue mimicking on Star, and even seeing if
they could put it a malicious MP three file on
a CD. And this stuff was all, you know, theoretical
(16:02):
proof of concept POC stuff. But from what they found
on their papers here, they constructed a couple of challenging
and scary, frankly scary scenarios if they could happen. So
we'll just talk briefly about these scenarios, but before we
do remote hack. Is it possible? Is it possible? Here's
(16:25):
the strange thing. So according to these UH these papers
that we mentioned earlier, from UH this, it is theoretically
possible for someone to remotely hack a car. What you
can look for if you want to read more about
these studies would be two that we can recommend. That's
Experimental security analysis of a modern automobile. I know it's
(16:50):
a racy title, right, that's pretty long. Yeah. And then
there's Comprehensive Experimental Analyzes of Automotive attacks surfaces. That's far better. Yeah,
it rolls off the tongue. Yet. So in these, in
these they found a couple of different things. First, they
said that in their introductions they say the same thing
we did. Like all of the network hacks for cars
(17:14):
control the at control area networker can access hacks have
require prior physical access UM, So it was no open
question if automobiles could be susceptible to remote compromise. In
the comprehensive experimental analyzes, this is one that found exploitation
is feasible via a broad range of what they call
(17:36):
attack vectors. Says the CD players, that's the bluetooth, the
cell cellular radio, that's even mechanical tools in case you
have an evil genius mechanics, what about keys? Because there's
a there's a current UK court case going on um
in this date society, some of these these articles are
right up to this day, I mean late July early
August UM where in the United Kingdom and judges ruled
(17:59):
that three computer scientists may not publish a paper UH
that contains or describes how a weakness in a cryptographic
algorithm UH can identify ignition keys in certain vehicles and
those those vehicles are Volkswagen vehicles. Um, there's a there's
a weakness there that includes the course Porsche, Audi, Bentley, Lamborghini,
and of course VW proper um and VW says that
(18:21):
the information can be used to steal their cars. And
the way that they're coming back with this is the
researchers of the hackers, I guess are saying, Um, this
computer scientists. I don't know what to call them. I guess,
um they're coming back. And then they're claiming that, you know,
if if the info is all the simple information is
available online and that they told the company about the
(18:42):
problem nine months prior to this, but nothing was done.
So there's the security flaw in well, potential security flaw
in millions of Volkswagen products at this point. Um, you know,
via the signition key situation that you know, hackers may
be able to you know, um, over I had you know,
car mobilizer systems and be able to drive away with
(19:03):
cars with the the wrong key and I don't know,
if you know, maybe that's not the case. Maybe they'll
be able to just get into the vehicles because they're
what they're doing is able to They're able to take
the information from the key, and I would assume they'll
be able to do make a dummy key that would
work right right, Yeah, that's that's the idea. And what
what's being um banned from public discussion in that in
(19:25):
that paper is the method that the researchers, the computer
scientists themselves used to access that. And I gotta say, honestly,
it's a difficult thing to tackle from bw is and
because this is, uh, this is a computer thing. But
it's not like it's not like the company can issue
(19:47):
a fleetwide patch. No, this is I mean, like I said,
this could be potentially millions of volk Flagon products. And
I don't think that they're probably the only one that's
vulnerable or something like this. I would think that there's
got to be gap somewhere in other automakers security. It's
just you know, if if somebody works hard enough, they're
gonna be able to exploit that area. That's that's a
(20:07):
weakness there that they see as a weakness and somehow
make that work for them. And that's that's really what
the heart of all this is that attackers find that
one weakness, that one loophole, that one little opening, and
then they just exposed that. Right. And when we were
covering this, when we start looking at this, it's strange
when you think about that side of it, because you
(20:28):
don't want as a car owner or a car manufacturer,
you don't want that knowledge out in the either. You
know absolutely, how can you protect yourself against something like that?
And that's really the mission that Charlie Miller and Chris
Valiseek we're going on. They're both directors or security engineers.
(20:52):
Valise I could think is a director of security at
a place called IOActive. And they went with the knowledge
that they gained. They're the guys did the escape and
the prius. Of course, they went to a hacking convention
pretty much a hacking convention called def con Um and
that was in that was this month as we're recording
this August of Oh and excuse me, I think their
(21:14):
test cars were two thousand, ten four to Escape and
Toyota Prius a little more modern, a little more modern,
but the idea here is that by demonstrating what could happen,
we can better prepare in the future for those kind
of exploits. So again, they're white hat hackers and that
they're they're saying like, here's here's what we've been able
(21:34):
to do. What are you gonna do to fix this
because here's the here the weaknesses that we found, now
fix them, right, And they really are hacking. We said
they were accessing the e c US for each car's features,
but what they're really accessing is they're they're kind of
they're swindling. Occurs. Their bait and switch of programming occurs
at the the can so the central access network, the
(21:58):
car access network, so they use they can bus, right, Yeah,
the can bus is really the communications system. That are
the way that the vehicle communicates from module to module.
That's the system that it operates on. So that's the
way modules control I can can talk to each other.
Right and they interrupt that, Yeah, they interrupted and insert
their own code. Now they also um, just so we
(22:21):
can get this out here. These are also not just
interested parties who were you know, they're not they're not
new to this at all. As what I'm saying, there's
there's a heck of learning curve. The only way that
these guys were able to do this is because they
are um well intentioned, I would say, beneficial, um brilliant men.
And when they built off of this earlier research or
(22:45):
in comparison to some of this earlier research, what what
we have learned then is that it's quite possible that
this technology has already existed for time and in some form.
You know, like I wouldn't you sup not to sounding conspiratorial, Scott,
but I wouldn't be surprised if this was something that
DARPA already kind of knew about. I. You know, I
(23:09):
kind of get the same feeling. And of course, you know,
this is a government funded study that we talked about,
but I have the same feeling that if we know this,
then how far advanced are they? Because they don't tell
us what they really know? And everybody knows that. I
know what you're saying. You know, it sounds a little conspiratorial,
but but really they're not going to release what they know.
Right now. We're kind of behind the curve on this,
(23:30):
you know, it's it's it's something that you know, we
know that they're a little bit more advanced than what
we know already. In fact, they're probably a lot more advanced.
Can I can I mention one thing though you said
that you know this has kind of already been out there.
I I initially when I when I thought about this,
when you mentioned this as a topic, right away, my
my thoughts went to GM's on Star program. Yeah, and
(23:50):
it's good that you mentioned that. And I have a
question for you because now I mean, is that is
GM's on Star system really considered like a hacking system
because hack because car owners pay extra for that. They
know it's there. GM designs it to do exactly what
it what it does, They know everything that it can do.
But I think there's some surprises along the way, and
(24:11):
that you know, I've seen some video of like a
police chase that was ended via on Star. You know,
they they simply contacted on Star and said, you know,
shut down the shutdown the fuel system. And I don't
know if they they actually pulled the vehicle off to
the curb or not, but that the vehicle came rolled
to a stop, the doors were locked to keep the
suspects suspects in the car that they were chasing. I mean,
(24:34):
it seems like, I mean, it can be used for
good purposes like that. But I don't know if GMS
on Star system would be considered a system that that
is a hack. Really, I don't. I don't think so.
I don't think so, because what this goes back to
some of the stuff that we have talked about when
we talked about autonomous cars or the idea of having
(24:54):
some sort of infrastructure, right, something else in control, right,
a sky net for car for all the terminator fans
out there, and an on Star is sort of you know,
sci fi drama side, it is sort of the sky
net for those enabled cars. And I don't think it's
a hack because the hack implies that there is something
(25:17):
a little d I Y do it yourself or um,
something away from the original purpose. I totally agree. But
then there's those little things you know, that they're able
to do in addition to and it's not I'm not
saying that they're hacking their own system, but I'm saying
that they're activating different things that that people may not
know are there. They're hidden systems, they're hidden technologies. They're
(25:39):
they're able to able to do things that maybe you
know if you had read the fine print on the contract,
maybe you would have had a hint at it and
had to really think, like, what does this really mean
to me? Most people don't read all that fine print.
But but I bet that those those suspects were in
that high speed chase, we're surprised when suddenly, you know,
the vehicle stops and the door and the doors lock
(26:01):
on there by themselves, and the windows won't come down,
and you know you're trapped in the vehicle. That is
that is uh and it's all being done via satellite. Yeah. Okay, Well,
now that you're saying that, I'm I'm getting a little
bit freaked out. Not that I was planning to steal
the car, okay, and just and just you know, a
couple more quick things that I had because you know,
I'm kind of the I'm riding along on this episode.
(26:21):
You know, I'm I'm learning from you on this. But um,
as far as evil, you know, using it for good,
I understand that you know, these guys, these white hat hackers,
they they're able to, you know, tell people what's wrong
and and please fix this because there's a security issue,
there's a safety issue. Whatever um being used for evil,
I can I can completely see that in that, you know,
(26:42):
as far as like car theft obviously things like that.
You know, like it's maybe easy to unlock someone's car doors,
you know, like to with the key replication thing, to
be able to access a vehicle, to be able to
steal a vehicle or even maybe just steal what's inside
the vehicle. Yeah, it seems like a lot of work.
I understand if you have some kind of key cloner,
sure that can uh compromise security wireless entry, But it
(27:05):
does seem like a lot of work to just steal
a car. But but I guess a lot of people
will instantly think like, Okay, if somebody's accessing the systems
in my car. They're not really they're not thinking that way.
They're probably thinking, man, what if what if I'm driving
down the road and someone takes control of my car
and steers me into that wall over there? And I know,
it's it's kind of a silly thought because really, I mean,
how many how many of us are really wanted or
(27:27):
or you know, um or on the run that way
that you know somebody would want to do that to
us or or you know, and it would have to
look like a car accident. Yeah, I guess so. I mean,
I mean, you know, trying to kill somebody or to
to quote send a message to somebody, you know, like
in the movies, you know, like a like a like
a mob hit or something. It's not quite like that.
And and but that's what you know, initially people think
(27:49):
of that, and it's not really that way. It's it's sure,
it's dangerous because you know what we've seen that they
can control steering and breaking and all that. But um,
but really, I mean it's not it's not anything like
what we think. It's probably used for theft more than anything. Yeah.
So that's that's a good point because it's it's easy
to start to go down that path and think, oh,
(28:11):
now every car accident is suspicious or's something like that,
you know, and I don't know, um, I don't know
how accurate that could be. Because we have to keep
in mind that these hacks that are being demonstrated, our
hacks that have been researched by experts for months or
even years, and the tools that they have come up with,
the software that they have created, works under closely controlled conditions.
(28:36):
Because that's the nature of science, we have to have
an understanding of as many variables as possible and control
over those variables. UM. The way I think it was
Charlie Miller who said this, the way that they phrased
it was we're addressing something that's not a problem yet,
but we think it could be in some in some time,
you know, and one of those sort of ominous sooner
(28:58):
than you think things. So in conclusion, what I can
say with this is that, UM, is that guess it
is possible to hack uh parts of cars? Yes to it. Agree,
it is true that the increasing electronic sophistication of vehicles
does make them increasingly vulnerable to electronic means of compromise.
(29:20):
But with all that being said, UM, the technology and
expertise required to access a car this way is far
from widespread at this point. So as far as like
you know, a driver preventing a car hack, um, it's
not necessarily something you need to worry about right now.
I mean, they're safety concerns, you know, the ways that
(29:40):
you can protect yourself versus somebody coining your keys. Obviously
you don't maintain control your keys at all times and
make sure that there's no one kind of wandering around
with some type of code reader or something as you're
as you're entering your vehicle. I don't know. I mean
that seems a little tougher to to to guard yourself against.
But you don't really need to do anything right now
to prevent a car hack from happen. You don't need
to buy lead shields for you. You don't need to,
(30:03):
you know, beef up the security on your car in
any way to to you know, the the electronics security
in your car um more than you normally would. It's
not something that you have to actively pursue at this point, right,
I've got some Yeah, I've got some great advice here.
Two pieces of advice. First, don't let your hacker friends,
no matter how well intentioned they might seem, spend ten
(30:25):
months teakering with your car and installing data porch. That is,
that's at least the yellow flag. That's very good advice,
thank you. And And secondly, if you're feeling if for
some reason you do feel really paranoid, we we hope
this podcast hasn't made you paranoid, but if you do
feel that way, then UM, ask yourself if you really
need to have enabled Bluetooth access to your car, maybe
(30:48):
you could just call them when you get to wherever
you're going, fair enough. And uh. On that note, I
think there's an interesting thing. I'd like to return to
it in the future to see what happens. But um,
I mean, realistically, it's enough and we need to worry
about right now. Yeah, realistically, there's nothing you need to
worry about unless you are a secret agent being hunted
by other secret agents. I I don't know, or unless
(31:10):
you like personally prank called DARPA constantly and they're gonna message.
I feel kind of the same way. I don't. I
don't feel threatened by this very much. No, no, I
I don't think. I don't think it's a threatening thing yet.
But I think that the people, the researchers, the computer scientists,
who are showing us the possibilities here. I commend their
(31:34):
actions because they are because they are acts of charity,
and it's stuff that the stuff that people should know.
And of course I've got the number one silver bullet advice.
What's how to prevent these kind of car hacks? What's
that by a classic car? Fair enough you have no
electronics involved and uh, and your your hack free, I
guess right. Finally, you have an excuse to get that
fifty chef that fifties chevy right exactly. Um, all right,
(31:57):
So that's it. We hope you guys enjoyed this up.
So we are going to foul out bracefully to our
hopefully unhacked cars. You can drop us line, let us
know what you think about car hacking. Let us know
what you would like to hear in the future. You
can color at us on Facebook. You can talk to
us on Twitter. I guess you can teach us on Twitter,
(32:19):
or if you'd like to cut out the social media
rigamarole altogether, you can send us an email at car
stuff at Discovery dot com. Well for more on this
and thousands of other topics, this is how stuff works
dot com. Let us know what you think. Send an
email to podcast at how stuff works dot com.
CarStuff News
Hosts And Creators
Scott Benjamin
Ben Bowlin
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.