That's a nice motor you've got there—it'd be a shame if white hat hackers were able to take the wheel.
If I can find one, I think my next car is going to be a 1990 Volkswagen Golf GTi MK2. Even though my Mum drove one through the noughties, it’s not just the nostalgic charm that appeals, but chiefly the fact that such an old car can’t be remotely hacked.
PCA Cyber Security is a Budapest-based company with a particular interest in bending smart cars to its whim. Over the last few years, the company has highlighted a number of vulnerabilities in Škoda and Volkswagen vehicles, but their most recent white hat hack turns the 2020 Nissan Leaf ZE1 into a 3500 lb RC car (via Hackaday).
Recording conversations in the car and remotely activating the horn would already be bad enough, but the hack can also allegedly take control of the steering wheel while the car is in motion. So, how was PCA Cyber Security able to make such devastating inroads into this vehicle? As with many smart car hacks, numerous vulnerabilities can be traced back to the Nissan Leaf’s in-vehicle infotainment system.
After notifying Nissan, PCA Cyber Security walked through how they hacked it in this post as well as a 118-page presentation given at cybersecurity conference Black Hat Asia earlier this year. To begin with, the group bought salvaged Nissan Leaf parts on eBay to cobble together an infotainment system test bench.
From there, the first hurdle was bypassing the infotainment system’s anti-theft mechanisms, though that was soon dealt with thanks to a custom Python script. That’s not the scary bit, though—the scary bit is that the team were able to gain control of some pretty vital vehicle systems by exploiting the Bluetooth interface. While remotely activating the wind screen wipers or adjusting the wing mirrors may not seem all that unnerving—perhaps it feels even a little playful—trust me that it gets so much worse.
All a hacker exploiting this vulnerability needs is for the driver to open the infotainment panel’s Bluetooth connection menu. Once open, the hacker can connect devices without even needing to be inside the vehicle or touch the infotainment system’s screen. Once a hacker has the access they need, they can not only track the vehicle via GPS, but also take over vital systems like braking and steering.
This security research was focused on software version 283C30861E specifically, but it’s probably still a good time to update your infotainment system if you haven’t already. A car that doesn’t even have a CD player is starting to look pretty good right about now, isn’t it?
Following along the track of ‘hacked cars,’ did you know that each individual F1 car has multiple IP addresses? Or that it’s entirely possible to bork the engine of an F1 car running on a test bed by connecting to the wrong IP address and flashing the Electronic Control Unit? As the saying I just made up goes, ‘More connectivity, more problems.’
About Post Author
