Connected car scare hacktics at Black Hat

hackinwhitecarCharlie Miller and  Chris Valasek the media darlings of car hacking claim that they will revel a vehicle “intrusion prevention device” at the Black Hat hacking conference in Las Vegas, this week. The two have appeared on CNN and in YouTube videos scaring the general public, by driving around in cars without dashboards in which one the two stops the car without the driver’s permission at very slow speeds.

They built a device made from 150 in electronics parts so that when an attack occurs, the device identifies traffic anomalies and block it.  This is the same concept of a device that the auto industry is currently working on  NEM (expected to be deployed in 2015) while the Auto Alliance has a proactive stance towards automotive cyber security. Most hacking devices require a connection to the OBD (On-Board-Diagnostics) port and a connection to work.

The dangerous duo also announced which cars they thought were the easiest to hack without trying to hack, just by looking a specs. They claim the easiest to hack are the 2015 Cadillac Escalade, 2014 Infiniti Q50, Jeep Cherokee and  Toyota Prius. While the most secure are Audi A8, Honda Accord and Dodge Viper.

The conference program says “A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes.” In order to do such deeds it is often necessary to have a physical connection to the car.

Charlie Miller is a security engineer at Twitter. Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services.

According to various industry sources there are no known instances of such attacks in the public.