The study was carried out by researchers from the University of California, San Diego and the University of Washington, and reported by the New York Times. Details on exactly how the scientists gained access to the ECU weren't detailed in the story, but it was likely carried out on a vehicle equipped with a built-in data connection – not a tethered smartphone.
Although the researchers maintain the attack could have allowed them to control the brakes and possibly the throttle, the major thrust of the research was to see how tech-savvy criminals would be able to boost a car by wirelessly connecting to the vehicle, unlocking the doors, starting the engine and then driving away. The safety concerns seem to be less of an issue, but access to any vehicle's ECU can wreak serious havoc on both the basic infotainment systems and the various electronic sensors that keep the vehicle running.
Where the NYT falls short, however, is in lumping Ford's SYNC system into the same mix as General Motors' OnStar, Toyota's SafetyConnect, Lexus' Enform and BMW Assist. All those systems rely on a hardwired data connection, whereas SYNC utilizes the driver's smartphone to connect to the car.
Ford SYNC spokesman, Alan Hall, told us that FoMoCo has "taken aggressive steps to ensure security protection," including a built-in firewall, "white-listing" functions that keep the vehicle control systems separate from the infotainment network and "code-signed" updates that are only recognized by coming directly from Ford, along with beefed up security on its cloud-based services.
We're parsing through the details of both studies and are talking with a handful of automakers. Look for a follow-up report in the coming days.
[Source: New York Times | Image: Sean Gallup/Getty]