Self-pwning cars: the future of automotive rooting

Security researches at UCSD and UWash have been looking at advanced ways of making mischief with computerized automotive systems, from messing with Bluetooth to inserting malware into the diagnostic tools. The most baroque and interesting attack they've demonstrated, though, uses a malformed MP3 that exploits a bug in the sound system (I'm assuming some sort of buffer overflow). Once they're in, the researchers have been able to control the car's locks, speedometer, brakes and engine.

They found lots of ways to break in. In fact, attacks over Bluetooth, the cellular network, malicious music files and via the diagnostic tools used in dealerships were all possible, if difficult to pull off, Savage said. "The easiest way remains what we did in our first paper: Plug into the car and do it," he said.

But the research shows how completely new types of automotive attacks could be on the horizon. For example, thieves could instruct cars to unlock their doors and report their GPS coordinates and Vehicle Identification Numbers to a central server. "An enterprising thief might stop stealing cars himself, and instead sell his capabilities as a service to other thieves," Savage said. A thief looking for certain kinds of cars in a given area could ask to have them identified and unlocked, he said.

With hacking, music can take control of your car

(via MeFi)

(Image: Even technology needs it, a Creative Commons Attribution Share-Alike (2.0) image from pnglife's photostream)