Cars equipped with devices connected to the Internet can be hacked and controlled remotely through smartphones, according to an experiment conducted by a professor in Hiroshima.
Hiroyuki Inoue, an associate professor at Hiroshima City University’s Graduate School of Information Sciences, said he was able to remotely open and close car windows, display an incorrect speedometer reading and freeze a car’s accelerator.
Inoue said the effects do not directly apply to cars currently on the market as their computers have no Internet access.
But he warned that cars privately altered and equipped with Internet devices could be hacked. Japanese manufacturers are also developing Internet-linked technologies such as self-driving vehicles.
He was planning to announce the details of his experiments at a three-day symposium on cybersecurity that started Tuesday in Okinawa.
For his experiments, Inoue used a 2013 Toyota Corolla Fielder Hybrid, a Wi-Fi device he assembled with commercially available parts costing about ¥10,000 and a smartphone app he developed to remotely control the vehicle.
By connecting the Wi-Fi device to a terminal located under the steering wheel, which is normally used to attach a monitoring device for maintenance work, he succeeded in gaining access to unencrypted data in the car’s computer that controls the engine, brakes and other functions.
As a result, the hacked vehicle showed a reading of 180 kph on its speed display even though it was parked.
The car was also paralyzed when it was bombarded with an overwhelmingly large amount of data, creating a situation similar to a computer that has come under a distributed denial of service (DDoS) attack, a common technique used by hackers to attack computer servers over the Internet. This left the driver unable to move the car by pressing down on the accelerator.
“Important (data) communication was in full view from outside. Other cars could also be subject to hacking in the same way,” he said, calling for the need to encrypt onboard data and take other steps to protect a car’s systems from unwanted access.
An official at the Japan Automobile Manufacturers Association said the industry will work on measures to deal with the issue by cooperating with the government.
Toyota said it will continue making efforts to enhance information security.