Toyota, Ford hack highlights dangers of M2M attacks

Car manufacturers were quick to dismiss reports appearing in the media that researchers were able to electronically commandeer a 2010 Ford Escape and a Toyota Prius.

Representatives of the vehicles’ manufacturers contend that the proof of concept work by Chris Valasek, director of security intelligence at IOActive Inc. and Charlie Miller, a security engineer at Twitter, could not be considered a hack because it required a wired connection between the “attacker’s” device (an old Nintendo game controller) and the target vehicle.

The researchers connected their controller to the electronic control units (ECU) of the vehicles via the on-board diagnostics ports. The ECU is part of the vehicle’s computer network which controls functions such as acceleration, braking, steering and monitor displays. The researchers, who were onboard the target vehicle, over-rode the computer commands and steered the vehicle with their controller, activated the brakes and made the fuel gauge drop to zero.


The car manufacturers missed the point according to security experts. What the experiment illustrates is that each step takes researchers nearer to “a new step forward,” according to Glenn Chisholm, chief security officer of Cylance, a critical infrastructure security company.

The fact that the United States Defense Department’s Defense Advanced Research Projects Agency (DARPA) funded the research indicates that the government believes the ubiquity of computers in vehicles and the possibility of digital attacks are a legitimate security threat, said Aaron Portnoy, vice-president of research at security researcher firm Exodus Intelligence.

The dangers of machine-to-machine communication being exploited for ill-intentions was demonstrated back in 2010 when group of researchers from Rutgers University were able to wirelessly hack a car’s tire pressure monitoring system to send false low-pressure warning. The hackers were travelling on a separate car behind the target vehicle when they sent the command.

Vehicle manufacturers should look to the nuclear power industry for examples best practices examples, said Andrew Ginter, vice president of industrial security for Waterfall Security Solutions Ltd.

In nuclear plants, monitoring systems are located in one network, while systems that control reactor operations are on a separate network. Ginter said manufacturers can use the same architecture layout for vehicles to segregate monitoring functions from critical functions such as brakes, steering and acceleration.

Read the whole story here and here

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now