Hackers tap into ECU to kill engine, brakes and more

During the 17 years this writer worked on braking and stability control systems, we occasionally joked about being able to remotely update the software in people's vehicles and bring them to a halt. At that time, the technology didn't really exist to actually do that. Today that's no longer true. Researchers the Universities of California and Washington will present a paper at a security conference in Oakland, California next week outlining how they were able to hack into vehicle computer systems.

When electronic control units were first added to cars in the 1970s, the firmware was all in masked read-only-memory that couldn't be modified once it was fabricated. In the late 1990s, as systems became more complex, engineers began using flash memory so that firmware could be updated with bug-fixes and other changes. With most current vehicles you have to be plugged into the OBD-II diagnostic port in order to communicate with the ECUs, which are now connected over a vehicle-wide controller area network.

Now that we're starting to move into the age of connected vehicles, the risks are rapidly increasing. OnStar already has the ability to remotely slow a stolen vehicle. Ford is currently demonstrating Fiestas that can download applications and communicate with the vehicle systems to broadcast vehicle information. Without putting adequate security into vehicle ECUs, it's possible that someone could download a malicious application with the potential to disable or otherwise damage the vehicle.

[Source: PC World]