Researchers last month presented a paper at the 2017 Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) conference that demonstrated a method of hacking a car – in this case, an Alfa Romeo Giulietta – to disable any of its networked safety systems. The researchers say that the hack is nearly “indefensible” in most cases, although it might be remarkably difficult to carry out in any plausible real-world scenario, Forbes reports.
The hack was first tested on the Alfa Romeo Giulietta back in 2016, the results being presented last month by staff from Politecnico di Milano, Linklayer Labs, and Trend Micro. It essentially amounts to a denial-of-service attack (DoS attack) on the vehicle’s network, where the hackers flip certain, key bits of data in the stream from a particular component to the CAN bus in order to trigger an error. Once enough errors are detected, the system shuts down.
That said, “it’s a carefully chosen bit; you have to know the right bit to flip,” says researcher Federico Maggi. “Once you can fool the network to think a component is sending out too many errors, even though it isn’t really sending out errors, after a while it will get isolated so it can’t send or receive messages.”
In their test, the researchers figured out how to deactivate the parking distance sensors on the Alfa Romeo Giulietta using this method. It’s unlikely that it is an attack anyone should really be concerned about; in order for one to stage such an attack, he or she must rewrite the ECU firmware either by connecting a computer directly to the vehicle or utilizing some remotely exploitable vulnerability, says Forbes. Still, the research highlights just one more way in which some system on the modern car can be maliciously compromised.