For car thieves, the tools of the trade have long been slim jims, tire irons, and maybe a screwdriver or wire cutter. In 2015, we can add smartphones and diagnostic tools to the list, as yet another instance of automotive hacking has risen to the surface.
Wired reports that researchers at the University of California San Diego (UCSD) were recently able to access vital systems on a 2013 Chevrolet Corvette wirelessly, and they did so via a diagnostic port that’s in every new car on the road. Once they gained access, they were able to activate and cut the brakes via text message at low speeds.
Just how was this feat accomplished? Every car sold in the U.S. after 1996 (and in Europe after 2001) employs something called an On Board Diagnostics Generation II (OBDII) port, which is generally located under the dashboard near the driver’s side door. That port is a gateway to the vehicle’s array of sensors, whether they’re assigned to the engine, transmission, brakes, or suspension. If you’ve ever had a check engine light come on and brought your car to a shop, the first thing a technician usually does is plug a scanning device into the OBDII port to diagnose the problem.
Wireless versions of those scanning tools — called OBDII dongles— are widely available, and they often use Bluetooth connections to transmit vehicle data to smartphones. This doorway to the vehicle’s nervous system was the exact weakness the UCSD researchers needed to hack the ‘Vette’s computer, because after they tinkered with a dongle manufactured by French firm Mobile Devices, they discovered several security weaknesses.
“We acquired some of these things, reverse-engineered them, and along the way found that they had a whole bunch of security deficiencies,” said Stefan Savage, UCSD professor and leader of the Corvette experiment. He explained that these products “provide multiple ways to remotely control just about anything on the vehicle they were connected to.” Worse yet, the researchers said they could have commandeered the systems of nearly any OBDII car with the Mobile Devices dongle plugged in, and the apparent vulnerabilities are likely found in products all over the globe.
There is good news though. The Mobile Devices product has been reportedly updated with a wireless security patch, and thankfully this incident was yet again a part of a controlled experiment by security researchers. But as has happened before, another major security flaw has been exposed in the modern car world, and it likely won’t be the last.
Related Posts
Tesla Model 3 got outsold by an EV from a Chinese smartphone brand
The Chinese smartphone maker delivered 258,164 units of its first EV. Meanwhile, Tesla sold only 200,361 Model 3s, marking the first time since Tesla's Chinese launch that another brand has overtaken it in the world's largest EV market.
Your future BMW electric M3 will still sound like a real M car
Instead of trying to invent a new "sound of the future" filled with abstract spaceship hums and digital warbles, BMW’s Motorsport division is digging into its own history books. New videos from the development team reveal that the upcoming electric M3 will feature a synthetic audio system built from high-fidelity recordings of the brand’s most iconic internal combustion engines. We aren't talking about generic engine noises here; BMW is literally sampling the legends.
This is the tech that makes Volvo’s latest EV a major step forward
The 2027 Volvo EX60 boasts engineering improvements in a package that’s likely to have mass appeal. It’s based on a new architecture that offers improved range and charging performance, backed by software with now-obligatory AI integration. And as a five-seat SUV similar in size to the current Volvo XC60 — the automaker’s bestselling model — it’s exactly the type of car most people are looking for.