Computer hackers claim to have taken control of a Toyota Prius, steering the car and applying its brakes.
Charlie Miller, a security researcher with Twitter, and Chris Valasek, director of security intelligence at IOActive, took over some of the car's systems using a laptop computer connected to its OBD (on-board diagnostic) port, and were able to drive it using a video-game controller.
The two computer experts also claim to have disabled the brakes of a US-market Ford Escape when travelling at low-speeds.
Miller and Valasek will present their findings at Def Con 21 hacking convention in Las Vegas on 2 August. Writing on his blog, Valasek outlined how he and Miller were able to manipulate the car's CAN (Control Area Network) messages: "Well show how some of these messages can be used to physically control the automobile under certain conditions."
Valasek has told Def Con delegates that he will release enough detail so that: "At the very least you will be able to recreate our results, and with a little work should be able to start hacking your own car!"
Although the possibility of hundreds of hackers being able to override a car's controls seems alarming, Toyota argues the reality is rather different: " We are familiar with the demonstration on a Prius. We note that it involved physically connecting a laptop scan tool to the on board diagnostic (OBD II) port and used it to control or override certain functions. A portion of the instrument panel was removed to enable this.
"Altered control can only be made when the device is connected. After it is disconnected the car functions normally."
Toyota argues that since a physical connection to the diagnostic port is needed at all times, this isn't really "hacking" at all. But even so, if computer experts can take control of a vehicle in this way now, what's to say this could not be achieved remotely in the future?
"It's naive to think people could control a car using something like Bluetooth," said a Toyota spokesman. "There's not one single system, so the steering and the brakes aren't linked to the radio or telephone. That's not to say it could never be done, but we're investing heavily to make sure it can't."
While hacking a car remotely may still be far-fetched, stealing it using information captured through the OBD port isn't. Mike Briggs, Vehicle Security Manager of the motor insurance industry's research body, Thatcham, said: "Thatcham is taking these issues very seriously and has been working closely with vehicle manufacturers, insurers, police and government to understand the extent of the issue. Thatcham and manufacturers are already working on a number of software and hardware solutions designed to minimise this threat."
Charlie Miller, a security researcher with Twitter, and Chris Valasek, director of security intelligence at IOActive, took over some of the car's systems using a laptop computer connected to its OBD (on-board diagnostic) port, and were able to drive it using a video-game controller.
The two computer experts also claim to have disabled the brakes of a US-market Ford Escape when travelling at low-speeds.
Miller and Valasek will present their findings at Def Con 21 hacking convention in Las Vegas on 2 August. Writing on his blog, Valasek outlined how he and Miller were able to manipulate the car's CAN (Control Area Network) messages: "Well show how some of these messages can be used to physically control the automobile under certain conditions."
Valasek has told Def Con delegates that he will release enough detail so that: "At the very least you will be able to recreate our results, and with a little work should be able to start hacking your own car!"
Although the possibility of hundreds of hackers being able to override a car's controls seems alarming, Toyota argues the reality is rather different: " We are familiar with the demonstration on a Prius. We note that it involved physically connecting a laptop scan tool to the on board diagnostic (OBD II) port and used it to control or override certain functions. A portion of the instrument panel was removed to enable this.
"Altered control can only be made when the device is connected. After it is disconnected the car functions normally."
Toyota argues that since a physical connection to the diagnostic port is needed at all times, this isn't really "hacking" at all. But even so, if computer experts can take control of a vehicle in this way now, what's to say this could not be achieved remotely in the future?
"It's naive to think people could control a car using something like Bluetooth," said a Toyota spokesman. "There's not one single system, so the steering and the brakes aren't linked to the radio or telephone. That's not to say it could never be done, but we're investing heavily to make sure it can't."
While hacking a car remotely may still be far-fetched, stealing it using information captured through the OBD port isn't. Mike Briggs, Vehicle Security Manager of the motor insurance industry's research body, Thatcham, said: "Thatcham is taking these issues very seriously and has been working closely with vehicle manufacturers, insurers, police and government to understand the extent of the issue. Thatcham and manufacturers are already working on a number of software and hardware solutions designed to minimise this threat."
