Researchers have found a way to take control of a vehicle's computer systems.
The paper, entitled "Experimental Security Analysis of a Modern Automobile" and being presented at a conference next week, shows that a team of researchers were able to gain control of two vehicles through their ODB-II port, a connection that is mandated by the US Government.
It should be noted that this wasn't a remote hack, meaning the researchers had to gain physical access to the vehicle in order to plug into the ODB-II port. To that end the researchers are urging motorists not to panic, and say that they are "unaware of any attackers who are even targeting automobiles at this time."
To demonstrate the effectiveness and potential dangers of the security flaws, in one test the researchers were able to take full control of the braking system of the vehicle. As cars become more reliant on computerised systems, security of their electrical and electronic systems is becoming an increasing factor in the overall safety of the vehicle.
While the researchers tested their system on only two vehicles, the authors say that they have "no reason to believe that the issue is industry-wide." However, due to the ubiquitous nature of the ODB-II port, they probably have no reason to think it isn't industry-wide, either, but they chose not to say that.
Putting this into context, the existing flaws require the hacker to be physically in the vehicle that is to be compromised, meaning the attacker would suffer any ill effects. The researchers also claim that the expertise and equipment required are not trivial.
Nevertheless, this research should serve as a warning for vehicle manufacturers and their suppliers to get the security of their control systems up to scratch, otherwise the automotive industry might risk ending up on the wrong end of a class action lawsuit, again.
