Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.


Software gurus snub car hackers

30 July 2013, 10:37

Software experts, or 'white hat' hackers, have attacked cars to release code vulnerabilities before criminals can exploit them.

Charlie Miller and Chris Valasek say they will publish detailed blueprints of techniques for attacking critical systems in the Toyota Prius and Ford Escape in a 100-page white paper, following several months of research they conducted with a grant from the US government.

The two "white hats" - hackers who try to uncover software vulnerabilities before criminals can exploit them - will also release the software they built for hacking the cars at the Def Con hacking convention in Las Vegas this week.


They said they devised ways to force a Toyota Prius to brake suddenly at 128km/h, jerk its steering wheel, or accelerate the engine. They also say they can disable the brakes of a Ford Escape traveling at very slow speeds, so that the car keeps moving no matter how hard the driver presses the pedal.

Valasek, director of security intelligence at consulting firm IOActive, known for finding bugs in Microsoft Corp's Windows software said: "Imagine what would happen if you were near a crowd."

They were sitting inside the cars using laptops connected directly to the vehicles' computer networks when they did their work. So they will not be providing information on how to hack remotely into a car network, which is what would typically be needed to launch a real-world attack.

The two say they hope the data they publish will encourage other white-hat hackers to uncover more security flaws in autos so they can be fixed.

Miller, a Twitter security engineer known for his research on hacking Apple Inc's App Store said: "I trust the eyes of 100 security researchers more than the eyes that are in Ford and Toyota."

Toyota Motor Corp spokesman John Hanson said the company was reviewing the work. He said the carmaker had invested heavily in electronic security, but that bugs remained - as they do in cars of other manufacturers.

"It's entirely possible to do," Hanson said, referring to the newly exposed hacks. "Absolutely we take it seriously."

Ford Motor Co spokesman Craig Daitch said the company takes the electronic security of its vehicles seriously. He said the fact that Miller's and Valasek's hacking methods required them to be inside the vehicle they were trying to manipulate mitigated the risk.

"This particular attack was not performed remotely over the air, but as a highly aggressive direct physical manipulation of one vehicle over an elongated period of time, which would not be a risk to customers and any mass level," Daitch said.


Miller and Valasek said they did not research remote attacks because that had already been done.

A group of academics described ways to infect cars using Bluetooth systems and wireless networks in 2011. But unlike Miller and Valasek, the academics have kept the details of their work a closely guarded secret, refusing even to identify the make of the car they hacked.

Their work got the attention of the US government. The National Highway Traffic Safety Administration has begun an auto cybersecurity research program.

"While increased use of electronic controls and connectivity is enhancing transportation safety and efficiency, it brings a new challenge of safeguarding against potential vulnerabilities," the agency said in a statement. It said it knew of no consumer incident where a vehicle was hacked.

Still, some experts believe malicious hackers may already have the ability to launch attacks.

A group of European computer scientists had been scheduled to present research on hacking the locks of luxury vehicles, including Porsches, Audis, Bentleys and Lamborghinis, at a conference in Washington in mid-August.

But Volkswagen AG obtained a restraining order from a British high court prohibiting discussion of the research by Flavio D. Garcia of the University of Birmingham, and Roel Verdult and Baris Ege of Radboud University Nijmegen in the Netherlands.

A spokeswoman for the three scientists said they would pull out of the prestigious Usenix conference because of the restraining order. Both universities said they would hold off on publishing the paper, pending the resolution of litigation.

Volkswagen declined to comment.

- Reuters


Read News24’s Comments Policy

Comment on this story
Comments have been closed for this article.

Read more from our Users

Submitted by
S Mbinya
What to do after breakup

Your life does not end after breakup. Here are tips to move on: Read more...

Submitted by
S Mbinya
Rare gift for President Uhuru Ken...

Young Jubilee supporters have a rare surprise gift for the President. Read more...

Submitted by
George Vodongo
Illegal milk nabbed in Mombasa wa...

Milk powder is considered a sensitive commodity under the EAC Common External Tariff (CET) and attracts an import duty at a rate of 60 per cent. Read more...

Submitted by
S Mbinya
Athlete collapses, dies in Machak...

His coach blamed his untimely death on the supplements the athletes are given. Read more...

Submitted by
S Mbinya
Popular radio presenter found dea...

Grace Makosewe was working for Capital FM before moving to Urban Radio in Kisumu. Read more...

Submitted by
Ben Wangui
Four wards to elect new MCAs in b...

This follows the death of former office holders between April and August this year. Read more...