Spanish researchers, Javier Vazquez-Vidal and Alberto Garcia Illera, have revealed a $20 device that can cause vital functions of a car to be disabled if physically connected to a car. While many car hacking techniques have been demonstrated, it seems that this device has the potential to be particularly dangerous and is especially cheap to build.
If physically connected to a vehicle, the device can interfere with a car’s onboard Controller Area Network, or CAN bus, that coordinates and operates everything from windows to headlines and brakes to power steering.
When the device, which is smaller than a smartphone, is attached to a car’s electrical systems and the CAN bus via four wires, attack commands can be input over Bluetooth, according to Future Tense.
Vazquez-Vidal and Illera call the device the deviCAN Hacking Tool, or CHT. The device will be presented at the Black Hat Asia security conference next month.
Vazquez-Vidal told Forbes that the device is so small that it could be placed on a vehicle without being seen so an attack could be initiated weeks or months later.
The placement of the device on some car models would require the attackers to get under a car’s hood, but on some models attackers could just crawl under the car to plant it.
The researchers hope that releasing this information will force car manufacturers to address all of the vulnerabilities.
“A car is a mini network, and right now there’s no security implemented,” Garcia Illera.
Future Tense reports that many of these so-called “embedded devices” have no protection against viruses and malware because they are not believed to be vulnerable.
Lawmakers are currently looking into some of the dangerous vulnerabilities in cars, with Sen. Edward Markey (D-Mass.) discussing the situation with major automakers, according to Reuters.
“As vehicles become more integrated with wireless technology, there are more avenues through which a hacker could introduce malicious code and more avenues through which a driver’s basic right to privacy could be compromised,” Markey wrote in a latter in December.
Yet the CHT will be even more extreme than anything shown previously, according to Vazquez-Vidal and Garcia Illera.
“Your car may feel like your own personal bubble, but until its network is protected, you won’t know if you have a digital passenger,” Lily Hay Newman wrote for Slate.
