• Wed
  • Nov 19, 2014
  • Updated: 9:37am

Chris Valasek and Charlie Miller build device to protect cars from hackers

Security experts to showcase technology that stops hackers taking control of vehicles

PUBLISHED : Thursday, 24 July, 2014, 1:22am
UPDATED : Thursday, 24 July, 2014, 4:00am

Two security experts who a year ago exposed methods for hacking the Toyota Prius and Ford Escape say they have developed technology that would keep cars safe from cyberattacks.

At last summer's Def Con hacking conference in Las Vegas, researchers Chris Valasek and Charlie Miller described ways to launch dangerous attacks, including manipulating the brakes of a moving Prius and Ford Escape.

Valasek and Miller will show off a prototype vehicle "intrusion prevention device" at next month's Black Hat hacking conference in Las Vegas.

They built the device with about US$150 in electronics parts, though the real "secret sauce" is a set of computer algorithms that listen to traffic in a car's network to understand how things are supposed to work. When an attack occured, the device identified traffic anomalies and blocked rogue activity, Valasek said.

"I really don't care if you hack my browser and steal my credit card," Valasek said. "But crashing a car is life or death. It is dramatic. We wanted to be part of the solution."

The research the two have released on the Ford and Toyota cars, as well as work by other experts on different types of vehicles, has raised concerns that somebody might one day try to replicate their work to launch a real-life attack.

Yet the US National Highway Traffic Safety Administration said on Tuesday that it was not aware of any incidents of consumer vehicle control systems having been hacked.

The car industry has beefed up efforts to identify and mitigate potential cybersecurity risks over the past few years.

A representative of Ford said she had no immediate comment on the device.

Officials with Toyota could not be reached for comment.


For unlimited access to:

SCMP.com SCMP Tablet Edition SCMP Mobile Edition 10-year news archive



This article is now closed to comments

This device is useless, I am in the business of reverse engineering automotive electronics, and we build devices to remotely control functions of your vehicle. These guys are taking this too far and like everyone else trying to fear people into buying there useless product (IT IS GARBAGE). Get someone like me who does this for a living and I will render this device useless with the snip of the high speed can line at the obd2 connector, and then I would leave their device attached to make the car owner feel safe because this thing is still hooked to their car. But now it will only be reading low speed low level messages being that the high speed can line is disabled (high speed line transfers all messages being sent from engine,trans.,ABS,steering module restraint module all safety oriented modules). Before I started cansniffer.com I was an automotive electronic diagnostic tech for 14 years. I completely understand how these modules communicate. These guys need to stick with their jobs at twitter!!.They are not doing anything special. I can take anyone with no experience with a laptop and a 50.00 interface and have them doing the same thing these guys are doing within an hour. The only way to prevent a true malicious hack is to encrypt can messages . If you are someone that is actually worried about this (because cars are being hacked everyday lol!)pay your local mechanic to splice in a plug so you can remove the obd 2 connector from your vehicle.


SCMP.com Account