Automakers haven't shown they're doing all they can on the security front, and one 14-year-old at a hackathon proved that by accessing a car's computer after a trip to Radio Shack and a night of soldering.
Each year, high school and college students participate in the CyberAuto Challenge, where they join automakers, policy wonks, and engineers to explore the technical side of cars. It's organized by Battelle, a non-profit R&D group that focuses on security and connected vehicles, and it's been running for going on three years.
Thirty students participated in the last car-centric hackathon, where they were broken up into groups and assigned a vehicle to poke around, train them about security, and maybe discover something that wasn't explicitly designed into the car.
Most of the time it's a bit dull. One 14-year-old changed that.
After a couple days at the camp, the student (who can't be named) wanted to see if he could wirelessly connect to one of the supplied vehicles (which also can't be named) and have some fun.
"He had an idea about using a wireless transmitter to connect to the car and talk with the vehicle over the CAN bus," Dr. Anuja Sonalker, lead scientist for Battelle's cyber auto group told Jalopnik. But he didn't have the parts he was looking for.
He got to a local Radio Shack, spent around $15 on a circuit board, transmitter, and other bits, and then spent the rest of the night creating what Sonalker describes as a "small robotics project" made from easily available parts.
The next day he was able to connect to the vehicle, send messages to it wirelessly, and have it respond.
"Very simple stuff," says Sonalker. "Non-critical, but like lights and windshield wipers."
Sonalker and Battelle refuse to divulge how the student managed to pull it off or which automaker's engineers had to lift their jaws off the ground. But it proved a point.
"These are kids who have never dealt with these architectures," says Sonalker, who described what the student did as "script-kiddy" stuff – low-level, relatively easy hacks.
"Witnessing a kid who isn't even old enough to drive hack into vehicle was a real eye-opener for us," said Dr. Andrew Brown, Delphi's chief technologist.
Since the details of the car and the hack are undisclosed, it's hard to say whether this was an older vehicle with even more lackluster security than what's available today. But it's just the latest reminder that automakers are still playing checkers while everyone else is playing World of Warcraft.