• Aug 11, 2010
We heard the first reports of researchers proving that you could hack into automotive electronic systems earlier this year. That work was based on tapping into the OBD-II port normally used by mechanics for reading diagnostic codes. That method of car hacking, however, is of limited value to cyber criminals because it requires having physical access to the underside of a car's dashboard.

Another group of researchers from Rutgers University and the University of South Carolina have just discovered that you can hack into a car's electronics wirelessly, which means any modern vehicle could be vulnerable to an attack at any time, even while it's being driven down the road.

The researchers used a car's tire pressure monitoring system (TPMS) as their entry portal. Tire pressure monitoring has been mandatory on new cars since 2008 and uses a sensor on each wheel that transmits data over radio frequencies to a vehicle's electronic control unit.

By sniffing for signals from the TPMS, these researchers were able to track two different vehicles and even interfere with the signals. At this point, the real world implications are limited because TPMS sensors have a very short range and update the car's ECU only every 60-90 seconds. However, these findings underscore how as vehicles get more wireless connectivity, it's important to ensure those wireless connections are secure and encrypted to prevent mischief.

[Source: Ars Technica | Image: Lance McCord, CC2.0]


I'm reporting this comment as:

Reported comments and users are reviewed by Autoblog staff 24 hours a day, seven days a week to determine whether they violate Community Guideline. Accounts are penalized for Community Guidelines violations and serious or repeated violations can lead to account termination.


    • 1 Second Ago
  • 31 Comments
      • 4 Years Ago
      @Mike
      I think the problem is the definition of "ECU" and how the article authors interpreted it. Most car-types think of ECU as an "Engine Control Unit", or the master computer. The paper (and subsequent articles) define it as an "Electronics Control Unit", which is generic to the point of being able to describe a digital watch. The other article I read ( http://www.goodgearguide.com.au/article/356316/tire_tags_reveal_driver_whereabouts/ ) states a little more clearly that....

      "We have observed that it was possible to convince the TPMS control unit to display readings that were clearly impossible," the researchers write. In one case, the researchers had confounded the control unit so badly that it could no longer operate properly, even after rebooting, and had to be replaced by the dealer.

      Which makes it more obvious that they're referencing the TPMS system and not the main ECU. Internet journalism frequently has that telephone-game effect of mutating the facts as they travel from site to site. :)
      • 4 Years Ago
      I always had an inkling that this site was French.
      • 4 Years Ago
      @Mach

      Thanks for the link to the other article--that clears the confusion up (generally in the context of cars, the authors should use ECU as "engine control unit). Corrupting the TPMS module is significantly less concerning than corrupting the engine control unit.
      • 4 Years Ago
      as opposed to yassir....
      • 4 Years Ago
      http://www.h-online.com/security/news/item/Known-by-their-wheels-1058068.html

      Note that TPMS uses CANbus, which has previously been shown to be vulnerable to DOS attacks. Using CANbus communications on an unsecured wireless connection is problematic, even if there's a shunt between the TPMS and the core ECU: a successfully compromised TMPS could be configured to go on to attack the core ECU.

      Yes, you should be scareder than you are.
      • 4 Years Ago
      Autoblog,

      It wont hurt much to prof read what you're going to post. Atleast in the title.
      "Pressure"


      Thanks
        • 4 Years Ago
        ..."prof read"... I'm going to assume you did that on purpose. :)
      • 4 Years Ago
      I was just fishing for credit on this story myself... ;-)
      • 4 Years Ago
      So... presumably someone with the right equipment could cruise alongside or behind a car with one of these systems and interfere with the car's electronics. This wouldn't be worrisome unless they could interfere with the engine ECU and disable--then jack--the vehicle, or somehow tap into the codes for the anti-theft system.

      That could be a bonanza for high tech auto thieves.
      But those vulnerabilities are typically closed as soon as they're found, so I'm sure the manufacturers will address this pretty quickly.
        • 4 Years Ago
        Maybe this is the cause of Toyota's UA problems! Yea, that's it, a conspiracy!
        ;-)
        • 4 Years Ago
        At times some "hackers" if you will seek out security problems and inform the manufacturer's about them. Hopefully after proving this to the automakers they'll take steps to prevent this in the future.
      • 4 Years Ago
      Have i mentioned that i'm perfectly fine with my 90's cars?

        • 4 Years Ago
        That's probably because you have a downrating mafia following you around. You seem to ruffle some feathers around here.

        ( which is a good thing, there is a lot of groupthink on any blog/board )
        • 4 Years Ago
        +1 to that.
        • 4 Years Ago
        LOL yeah. I completely understand that being perfectly happy with the 90's cars comment. Trying to stay current on all the new tech when it comes to repairing and diagnosing the newer vehicles is expensive and time consuming.
      • 4 Years Ago
      Is it time for cars to have a monthly "Patch Tuesday"?
      • 4 Years Ago
      "Tire pressure monitoring has been mandatory on new cars since 2008"

      What! How did this happen?
        • 4 Years Ago
        yeah, i dont think thats accurate. i bought a car this year and it doesnt have tpms.
      • 4 Years Ago
      The major issue isn't that others can read your TPMS sensors, it's that researchers were able to feed the ECU false TPMS readings that could trick the ECU into throwing warning lights (presumable low pressure lights) or even "crash" the ECU (presumably with nonsensical data).
    • Load More Comments