hacking a car, easy as pie, according to a hacker

published on Saturday, April 02, 2022 at 1:54 p.m.

“This car is driven with feet and hands. And yet, my phone was also driving it,” says Gaël Musquet, an “ethical” hacker specializing in transport cybersecurity, on the sidelines of an organized reindeer championship.

Using a red Toyota hybrid, the 42-year-old West Indian demonstrates some unstoppable techniques for remotely taking control of a car: hacking into the keys, the on-board computer, or a tire sensor.

“I just plugged my phone into the car’s spinal cord, which runs through the inside rearview mirror. This autopilot is free software, everything can be downloaded from the internet”, she unrolls, black hoodie. The demonstration takes place in front of the public on the occasion of the BreizhCTF hacker championship, which welcomed some 500 participants in the night from Friday to Saturday.

“My only merit is having hijacked this free software designed for American versions of Toyotas, and having adapted it to European vehicles,” continues the man who is also a meteorologist by training, specializing in the prevention of natural disasters thanks to digital.

Its objective? Test vehicles so they can drive themselves, even remotely, and uncover security flaws to prevent intrusions by malicious individuals. Like him, a few hundred hackers around the world work on “cybercars”, sometimes in association with manufacturers as in the United States, “but not in France, which is not the culture”, he judges. .

One of the ways to do these tests is, according to him, to find spare parts in Le Bon Coin to “better understand how they work and divert them”. This is the case of the small radio-connected valves installed in the tires to inform the driver in real time of their pressure level.

– “Digital crash tests” –

“If you have a bad tire, your vehicle flashes a warning light telling you that you have a flat tire, for example. Hackers draw the attention of manufacturers and equipment manufacturers who have not encrypted the communications between this valve and the car’s computer”, emphasizes Gaël Musquet, whose book is “The car hacker’s manual” (le manuel du pirate automobile, ndlr).

According to him, it is enough to find the communication frequency of the tire and obtain a ham radio antenna to make someone believe that their tires are flat or have caught fire.

“It’s not science fiction, you can even stop a convoy, and it’s endless because these vehicles will be increasingly equipped with computers, sensors,” predicts the “ethical” hacker, who demands the equivalent of “digital crash tests” for everyone. vehicles leaving the factory.

A car key can also be hacked. “It is only necessary for someone to approach me, pick up the signal from my key, duplicate it with a loop antenna and go through my vehicle to activate its opening”, he lists, recalling the well-known precept of the community, according to which “ with every opportunity, a new vulnerability.”

Even as a child, Gaël Musquet liked to take his toys apart to better understand how they worked. “I was born like this. Even today, my washing machine, my oven, if I can’t control it, I’m not satisfied, ”he jokes.

“Our role is to see problems before they happen and fix flaws before they are exploited,” he explains, although the first cyber risk remains above all “theft.”

Almost all means of transport are affected by cybersecurity problems: trains, planes, ships, electric scooters… “Every time we threaten the computer of one of these vehicles, we can endanger human lives,” says Musquet, who He works with the Air Force.

In Brittany, cybersecurity already generates 8,000 direct and indirect jobs, according to the regional council. The goal is to increase to 80,000 in ten years.

Leave a Comment