VSP takes steps to prevent cyber-attacks, instead of cleaning up damages left behind by one such attack

Sep 30, 2015 21:01 GMT  ·  By

In the wake of recent car hacking incidents, the Virginia State Police (VSP) authority is not waiting for hackers to attack their cars and has initiated a research to study and prevent such scenarios from ever happening.

The project was started back in May by Virginia Governor Terry McAuliffe and saw multiple organizations cooperate to explore the different ways the VSP's cars can be hacked, and then create protection systems.

The experiment targeted 2012 Chevrolet Impala and 2013 Ford Taurus cars, which make the bulk of the VSP car fleet. The VSP currently has 155 Impalas and 427 Fords deployed to its troopers.

This experiment was exclusively reported by Kelly Jackson Higgins from Dark Reading, and during it, researchers hacked each car type.

The VSP cars do not provide external connections for attackers to take advantage of, so for each test, scientists had to install a rogue device on the vehicles, which would allow them to connect via Bluetooth to the hacked car.

The state trooper cars were hacked via a rogue Bluetooth device and a mobile app

To hack the cars and take control of various vehicle functions, the scientists then used a simple mobile app.

During their tests, attackers were able to start, accelerate, control the gear box, and then stop the engine for the 2012 Impala, and they were also able to block the 2013 Ford Taurus from starting, start it remotely on command, and block doors from opening, blocking drivers inside.

After both hacking experiments, scientists also introduced two dongle-like devices into the car's dashboard ports, devices which they had created to analyze and monitor the vehicle's OBD II port and CAN bus.

These devices can detect suspicious activity inside the car's computer, and block operations before they are transmitted to the car's components. They also come with a logging utility, which Frank Byrum, chief scientist for Defense contractor Spectrum, said could be used to detect if crashes were caused by cyber-attacks, even if a cyber-group claims responsibility for a car hacking incident or not.