A pair of security experts demonstrated to the BBC that some ordinary models of cars can be overridden — despite whatever the driver is doing behind the wheel — using a laptop, some software and an old Nintendo Entertainment System gamepad.
The hack — which Toyota, in response, says it doesn’t consider a “hack” — requires plugging into a vehicle’s electronic control unit through a diagnostics port, as researchers Charlie Miller and Chris Valasek did on a 2010 Ford Escape and Toyota Prius. From there, software written by the pair overrode commands the driver gave the car — including acceleration, braking and steering. Gauges also were manipulated to show ludicrous speeds or zero fuel. Most terrifying, perhaps, the horn was utterly at the hackers’ mercy.
A Toyota spokesman quibbled with the BBC, noting that the hardware driving the car had to be physically connected to it, therefore not rising to the level of a “hacking”.
“The presence of a laptop or other device connected to the [on board diagnostics port] would be apparent,” the spokesman said.
Miller and Valasek say that’s not the point. The cars don’t appear to acknowledge from where the commands are being sent, a sure way to shut down this kind of secondary control — which is dangerous for any number of reasons. The duo said they wrecked a few test cars while testing and revising their software.
Miller notes that the conversation on remote-control car hacks varies widely, from some saying this isn’t important to others saying it’s common knowledge. He and his partner plan to release their findings publicly because “if you’re just relying on the fact people aren’t talking about the problem to stay safe, you’re not really dealing with the problem.”
Toyota, for its part, defended the firewall technology aboard its cars, saying it protected vehicles from remote and wireless services.