In their report, the researchers don't name the make of the 2009 model car they hacked.
Savage and the other researchers presented their work to the National Academy of Sciences Committee on Electronic Vehicle Controls and Unintended Acceleration, which is studying the safety of electronic automotive systems in the wake of last year's massive Toyota recall. That recall was prompted by reports of unintended acceleration in Toyota vehicles, a problem that was once thought to have been connected to electronic systems but ultimately was blamed on floor mats, sticky gas pedals and driver error.
With the high technical barrier to entry, the researchers believe that hacker attacks on cars will be very difficult to pull off, but they say they want to make the auto industry aware of potential problems before they become pervasive.
Car hacking is "unlikely to happen in the future," said Tadayoshi Kohno, an assistant professor with the University of Washington who worked on the project. "But I think the average customer will want to know whether the car they buy in five years ... will have these issues mitigated."
Another problem for would-be car thieves is the fact that there are significant differences among the electronic control units in cars. Even though an attack might work on one year and model of vehicle, it's unlikely to work on another. "If you're going to hack into one of them, you have to spend a lot of time, money and resources to get into one software version," said Brian Herron, vice president of Drew Technologies, an Ann Arbor, Michigan, company that builds tools for automotive computer systems. "It's not like hacking Windows, where you find a vulnerability and go after it."
So far, carmakers have been very receptive to the university researchers' work and appear to be taking the security issues they've raised very seriously, Savage and Kohno said.
Sign up for Computerworld eNewsletters.