Smartphone hacking app 'zombifies' cars with Internet connection
Posted : 2013-09-11 17:04
Updated : 2013-09-11 17:04
By Ko Dong-hwan
A new hazard smartphone app can now hack into and control cars connected to wireless networks by "zombifying" it, making drivers' efforts to resist effortless.
When a driver takes a smartphone installed with the app and activates it inside a car, the app transmits Controller Area Network (CAN) messages sent out by the car's Electronic Control Unit (ECU) to remote-controlling outside attackers, an "off-guard" gateway that allows access from the app.
Once the attackers receive the CAN messages through their own server and confirm that they are remotely connected to the car, they are ready for the zombie attack.
The orders are sent to the app, which then relays them to the car's ECU. As it recognizes the orders comprising of "accelerate," "disengage from engine," or "manipulate RPM," it controls the car according to the commands, being completely detached from the driver's manual control.
Automakers in Korea are now introducing "smarter" cars in diversity. Being connected to wireless networks and linked to drivers' smartphones, these new breeds provide users with various kinds of real-time information data. BLUELink by Hyundai, UVO by Kia, OnStar by GM and Connected Drive by BMW are some examples of such service.
But this expansion in smarter cars only opened a wider channel for hackers.
A professor from Korea University said, "Cars are no longer independent machineries driven under isolated environments. And they bear greater risks of damage by remote hacking than computer devices because they can inflict human casualties."
Experts say that Korea is all but unprepared for this zombie-car hacking. They point out that counter-measures against the attacks are imminent, as electronics can be easily misused for criminal purposes with simple manipulation.