Expert Explains How He Hacked Two Cars For Research - His work on automotive cyber threats has one U.S. senator asking questions

Pete Bigelow autos.aol.com Chris Valasek isn't your traditional gearhead. He doesn't care about the horsepower of his engine. He doesn't change his own oil. "I don't even get my oil changed," he confesses. What he does know about cars, however, is enough to scare major car companies, federal lawmakers and cyber security experts. Valasek and a colleague, Dr. Charlie Miller, hacked into a Ford Escape and Toyota Prius last summer and published details of their exploits in a landmark report on automotive cyber security. Sitting in the rear seats, they controlled nearly every imaginable function of the cars, manipulating things like steering, throttle inputs and dashboard indications. They demonstrate their feats in the above video. Their successful breaches of the vehicles' security systems have drawn the concern of U.S. Senator Ed Markey, (D-Mass). Last month, Markey sent the country's leading automakers a seven-page letter asking questions on how they plan to fend off such cyber attacks. In it, he cited Valasek and Miller's research as one of the bases for his worries. Responses are expected from car companies in February. Computers govern almost every aspect of the way cars operate these days. Most cars have 40 to 80 electronic control units that control everything from on-board touchscreens to engine performance. These ECU's are often linked on a Controller Area Network. Cars were easy to infiltrate Valasek, director of security intelligence at IOActive in Pittsburgh, said it took about nine months of working part time on the project to master his understanding of the systems. Once he and Miller gained access to the vehicles, however, it was frightfully easy to exploit them. "If you are on the network and you know the messaging format, you have the keys to the castle," he told AOL Autos. "They really have no resilience against a determined attacker." As car companies rush to add features that keep drivers connected to their online lives, such as USB ports, app stores, browsers and in-car wifi networks, Valasek foresees more potential entry points for hackers. And it doesn't matter if a hacker broke into one area of the car's network, such as the telematics units, as they can still affect another area. "Once you're in the car, it's a trusted environment," he said. "They assume there's never an attacker on the network. ... The way these networks are set up to, say, control steering, you don't have to compromise the computer that does the steering. You just have to compromise a computer on the same network." to read more: autos.aol.com