Tuesday, June 25, 2013

Major Counter-Terrorism Expert: Hasting’s Car Crash “Consistent with a Car Cyber Attack.”

Counter-terrorism expert Richard Clarke has told HuffPo that the circumstances of Michael Hasting’s car crash were “consistent with a car cyber attack.”

While hastening to add that he was not saying the crash was a purposeful attack, Clarke stated that“‘There is reason to believe that intelligence agencies for major powers’” — including the United States — know how to remotely seize control of a car.

Clarke served during both Bush presidencies and under Bill Clinton.

Just what is a “car cyber attack”?

Salon explains:
The answer can be found in two alarming papers by researchers at the University of Washington and the University of California, San Diego, “Experimental Security Analysis of a Modern Vehicle,” and Comprehensive Experimental Analyses of Automotive Attack Surfaces.
Taken together, the papers make for scary reading. In the first the researchers demonstrate that it is a relatively trivial exercise to access the computer systems of a modern car and take control away from the driver. The second demonstrates that such mayhem can be achieved remotely, via a variety of methods. The inescapable conclusion: The modern car is a security disaster.


  1. Scary indeed. From the first paper:

    "Even at speeds of up to 40 MPH on the runway, the attack
    packets had their intended effect, whether it was honking the
    horn, killing the engine, preventing the car from restarting,
    or blasting the heat. Most dramatic were the effects of DeviceControl
    packets to the Electronic Brake Control Module
    (EBCM)—the full effect of which we had previously not
    been able to observe. In particular, we were able to release
    the brakes and actually prevent our driver from braking; no
    amount of pressure on the brake pedal was able to activate
    the brakes. Even though we expected this effect, reversed it
    quickly, and had a safety mechanism in place, it was still a
    frightening experience for our driver. With another packet,
    we were able to instantaneously lock the brakes unevenly;
    this could have been dangerous at higher speeds. We sent
    the same packet when the car was stationary (but still on
    the closed road course), which prevented us from moving it
    at all even by flooring the accelerator while in first gear."

  2. A discussion of car hacking in Las Vegas