In this episode of Phreaked Out, we met some of the top security researchers at the center of the car-hacking world. Their goal isn't to make people crash: They highlight security holes to illustrate flaws in car technology, intended to pressure auto manufacturers to be a few steps ahead of their friendly foes.
Information security researcher Mathew Solnik gave us a first-hand demonstration on how to wirelessly send commands to a car and remotely tell it what to do. With a little over a grand and about a month of work, Solnik found time outside of his full-time job to reverse-engineer a car's computer system to make it ready for a takeover.
From his laptop, he was able to manipulate the car's engine, brakes, and security systems by wirelessly tapping into the Controller Area Network, or CAN bus network. Without getting too deep into the details—both for legal reasons and due to my own training-wheel knowledge of such things—he was able to do this by implementing some off-the-shelf chips, a third-party telematic control unit, a GSM-powered wireless transmitter/receiver setup, and a significant amount of know-how he's accrued over the years.
The reason for such additional hardware was to make our older, mid-size sedan function like a newer—and arguably more vulnerable—stock vehicle, which these days often come with data connections. (We would have loved to tinker with the latest, most connected car on the market, but since we were on a shoestring budget and it's incredibly hard to find a friend who's willing to lend their car for a hacking experiment, our pickings were slim.)
With that said, a car whose network system is connected to a cloud server and accessible by Bluetooth, cell networks, or Wi-Fi is potentially vulnerable to intrusion.