Installation allegedly requires someone to attach four wires to the vehicle’s Controller Area Network (CAN bus), which could take “five minutes or less,” Vazquez Vidal told Forbes.
“We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do,” he adds.
The researchers admit that the CAN Hacking Tool’s capabilities vary significantly from car to car, and require under-the-hood or trunk access for installation in some cases.
The current homebrew build integrates a Bluetooth radio for remote command injection, though attackers could presumably use a cellular radio for the same purpose.
The duo plan to keep the code secret, hoping to start a conversation with automakers to help protect against the use of such technology for nefarious purposes. Other researchers have achieved similar results with laptops connected inside a cabin, or directly via a vehicle’s integrated Bluetooth or cellular radio, however the Spanish team views their cellphone-sized tool as much more threatening due to its simplicity and affordability.
“The goal isn’t to release our hacking tool to the public and say ‘take this and start hacking cars,’” said Vazquez Vidal. “We want to reach the manufacturers and show them what can be done.”
Leave a Reply