How to Hack a Car

All it takes is a $10 device and a few lines of code. 

Getty Images / Sean Gallup

Almost every car produced in the last 20 years has a tiny, internal network of connected parts. The speedometer, the windshield wipers, power steering, brakes, and all of a car’s other systems talk to one another on a closed network called a Controller Area Network (CAN) bus — and hackers are listening.

Or rather, they can listen, if they want. It’s not particularly hard, or sophisticated, and a hacker that’s plugged into your vehicle’s CAN bus owns it. You might be behind the wheel, but the person who controls the bus controls the car.

“The CAN bus is an internal network. Inside a vehicle, embedded systems all communicate to each other on a trusted network, aka a bus,” Craig Smith, author of The Car Hacker’s Handbook and OpenGarages core member said during a panel on car hacking at the 11th Hackers on Planet Earth Convention in New York City. “[The CAN bus] is a soft squishy center for the car. Once you get to the can bus, its pretty much game over.”

Eric Evenchick co-hosted the panel. Evenchick created CANtact, an open-source software tool that lets prospective car hackers interact with the CAN bus systems of most vehicles. Evenchick said his software is intended for people who want to explore how their vehicles work on a level previously reserved for industry insiders.

“People ask me, ‘should I hack my own car?’ Yes, you should totally hack your own car,” Evenchick said. In many vehicles, it’s a simple as establishing a physical connection with the CAN, which, depending on the vehicle, is usually a simple matter of finding the right wiring setup. Evenchick sells a $60 device that makes the interface easy, and getting to the CAN is usually as easy as pulling it out from below the steering column.

The CAN bus unit in a Volvo.

Once you’re in, you control almost everything. The CAN system works on pretty simple programming, and crashing the whole thing is often as easy as entering a single command.

“The bus system is this trusted network — If you literally write the message: ‘while (1) {send_message_with_id_0();}’ you can just crash the CAN bus you’re connected to, and this can have a lot of awesome effects,” Evenchick said. “You can immediately lose power steering, lose power control set off every alarm thing you will literally crash the can bus you’re connected to.”

The “id_0” bit is what kills it, basically making the machine divide by zero. Evenchick said he accidentally did this in his boss’s car, once.

Okay, this isn't exactly what happens, but it's still pretty scary.

Some after-market products, like data trackers installed by insurance companies, can interact with the CAN bus as well. And Smith and Evenchick said anything that interacts with the CAN provides an extra way in for a dedicated hacker. Bluetooth systems? Connected to the CAN. Wireless connectivity? Connected to the CAN. They described it as similar to the Internet of Things, where each connected device is a potential security flaw.

In most cases, however, the biggest danger is theft. Almost every car on the road today has an immobilizer, which prevents thieves from “hot wiring” the car, like characters in movies and TV shows do all the time. But car hackers can blow past a digital immobilizer with a $10 device bought on the internet — if they break into your car and physically access the CAN, it’s as simple as plugging it in.

Theft, Evenchick said, is the most obvious application of car hacking. But further down the line, total control of an interconnected vehicle could become more and more of an issue. CAN bus setups are used in airplanes, cars, boats — even New York City’s public CITIBikes. Evenchick said there’s a possibility that remote CAN bus access could be used by hackers as “ransomware.”

“The concept is totally fictional right now, but it is a possibility,” Evenchick told Inverse after the panel. “A hacker could say, ‘hey, pay me some BitCoin if you want to use your power steering again.’”

Still, like many digital security concerns, Evenchick said the risk to the public is minimal — most hackers aren’t out to shut down normal citizen’s cars. “One thing that hasn’t been addressed very well is motive and risk,” Evenchick told Inverse. Why would a hacker want to shut down a car’s power steering when they could just steal it, the logic goes. At the moment, theft is still the biggest threat from insecure car systems. Sure, software vulnerabilities will crop up from time to time — like the bug in Nissan’s Leaf cars that let hackers control some basic systems — but on a practical level, most criminals aren’t out to mess with cars. But on the road to an interconnected electric-car wonderland, there will be plenty of opportunities to hack the system.

Related Tags