Why the Next Denial-of-Service Attack Could Be Against Your Car

We haven’t seen the last of the car hacks, says Charlie Miller, the security researcher who in 2014 helped show that hackers can take control of certain models of cars, messing with brakes and steering and other systems while the cars are in motion.

Speaking this week at ARM TechCon, held in Santa Clara, Calif., Miller said that carmakers “are not in good shape now,” but there’s hope for the future as the companies begin to understand the risks when vehicles are connected to the outside world.

Miller, currently an engineer at Uber, pointed out the difference between two categories of car hacks—hacks limited to the mobile app or to the head unit (the centerpiece of the audio system), and hacks that reach into the car’s controller area network (CAN) bus.

The latter are significantly more dangerous because brakes, steering, and other critical controls connect to the CAN bus. Yet mobile and head-unit hacks can go beyond simply changing the radio station.

Consider the recently detected vulnerability in the Nissan Leaf mobile app, Miller suggested (it has since been fixed). The password, he says, was the vehicle identification number,…[Read more]