In Defcon 2015, Charlie Miller & Chris Valasek published their research on “Remote Exploitation of an Unaltered Passenger Vehicle” where they demonstrated how they were able to exploit jeep travelling at a speed of 60mph in the middle of a highway.
Now, Terence Eden, a senior product manager at O2 UK can make his bmwi3 electric car tweet about itself and more.
To make his BMW tweet he had to carry out different stages of an attack, first he installed packet capture to intercept communications between devices. Then used the information available from interception to investigate message being sent from his I remote app running in his Android phone to his BMW. I remote app is a software for cars which allows the user to control different feature of their vehicle such as unlocking car doors and allowing users to honk the horn.
In this case, Eden set up a Twitter account posting updates on behalf of his BMW, most of which include basic information about the car’s usage.
Eden adds, “It would be lovely if BMW decided to open up an official API so that people could fiddle with their cars, the API seems secure and there’s limited scope for damaging the vehicles”.
Source: Eden’s Blog