Gaël Musquet, attacking car attackers
RFI: to take control of a car, you entered the systems of the connected tools remotely… Which tools?
Gael Musquet: it’s not complicated ! This goes from the key, tires, radio, mirrors. Today all these tools are connected to the servers of manufacturers and equipment manufacturers. A professional like me can go through the cables that are behind your mirrors!
And the cell phone?
Obviously ! It’s even the easiest tool for a hacker to take control. Just imagine, when you’re driving whether on Wi-Fi or via Bluetooth to listen to the radio or your music. Everything, I mean everything, goes through your phone since it allows you to phone while driving without taking your hands off the wheel.
But these hacks of individual vehicles, of Mr and Mrs Everyone, still seem very rare these days, right?
Think again ! They exist and the trend, with increasingly dematerialized orders (closing doors with the telephone, etc.) will only increase. The main reason to hack a car today is to steal it remotely, by opening the doors! For this, the hacker managed to penetrate the system. He can therefore take control of your key. Especially if you use your phone, as it exists, for example, to lock your car.
You fear future attacks, even mass vehicle hijackings. Operations from mafia groups and terrorists. But to achieve what?
There are several forms of risk. Imagine the catastrophe of an avalanche of road accidents. Or modify the directions of the vehicles. Or even the total stoppage of traffic. Blocking highways. This will depend on the purpose of the cybercriminals.
Paralyzing an entire city, is it possible today?
Yes ! In any case, it is a risk. It is enough for hackers to manage to penetrate the system of a vehicle itself connected to the manufacturer’s server which is itself connected to other motorists. Stopping all vehicles (cars, trucks, etc.) by seizing their GPS (Road Guidance System) is not science fiction, it is possible today and it will be even more so tomorrow , with autonomous cars or even more connected than they are today.
So, if I understand correctly, you can hack a car just by the presence of the passengers’ cell phones or computers? Just being in the car is enough…
Hence the importance, you say, of warning professionals but also the general public, these Mrs and Mrs Everybody!
This is my fight! The fight of all hackers who, like me, work in the service of the population, of consumers.
But then, what advice to prevent this remote hacking?
The same as with the simple gestures that you have to use with your computer or tablet at home! Do not click on any email, do not open unknown links on the internet… Precautions to keep in mind every day.
Like a bathroom toilet. Besides, experts like you talk about computer hygiene… Like brushing your teeth!
It’s the same thing ! Once you get used to it, then it’s child’s play! The main thing is to ask yourself the question when you see an unknown address or email.
You are going to publish files in France, intended for the general public.
Yes, our children’s generation really needs to be warned of the risks. It’s about instilling the basic reflexes that make stealing or attacking vehicles more difficult. Another example, for car keys, there are radiation shields on the market…
On the model of the bank’s credit card protectors?
Yes ! It’s also useful to know that you can buy these accessories that slow down the speed of breaking into a car, just like an anti-theft device, you have to slow down the speed and the ease of penetration of a car to counter the hackers.
Is it the autonomous transport market (buses, taxis, cars, trucks, planes, trains, drones…) that gives you the feeling of such urgency?
Yes. Even if autonomous traffic is not for now. It will come one day. And in the meantime, there will be stages. We must not let faults settle near the constructions of these new cars or trucks or train, planes, ships…
Are all types of transport concerned?
All without exception! Transport pirates attack new drones on the market as well as simple cars, all types of transport are targeted. The last major attacks at sea against Freight ships (transport of goods) have given rise to ransom demands. By domino effect, the action of these criminal gangs will affect all customers who have property on these boats.
One of your other concerns is about car rentals.
It is one of the favorite gateways for pirates. As soon as you enter the car, if you want to access GPS or Bluetooth, the car’s computer will ask you to connect to your phone.
In this case, should we refuse?
Obviously ! Especially if you have your work emails or sensitive data in your I phone.
However, in 2017, France created an Intelligent Transport Observatory, does that mean that it was useless?
Without going that far, I would say that in France, there is a lack of cyber risk culture!
The general public or the manufacturers of means of transport?
Both ! It would be necessary (as is the case with our European neighbours, in Germany for example) to bring together all the players in the chain. From the manufacturer, to the mechanic, via the equipment supplier. To educate them on risks. Then they would decide on firewall systems, in order to prevent thefts. It would change the way they design their vehicles.
Is France behind compared to Europeans or countries of the world?
Really late yes! In the USA, or elsewhere in Europe, we can see manufacturers lending cars to hackers! These competitions encourage hackers like me to find faults in cars. Builders would save time. So money by avoiding errors and the risk of having to redo models.
Who are you working for today?
For the automotive industry. For the merchant navy, for the space sector with the CNES (Centre National d’Etudes Spatiales). But also for the Ministry of Defence. of Defence, a very effective collaboration.
Let’s talk about your future. You will put your experience to good use at the new cyber campus in Puteaux, near Paris.
I’m very happy about it. It is a new school where young people can learn about the risks of computer attacks. It is about transport such as sensitive buildings or new tools that will affect our everyday life (house, transport, city, etc.)
It’s quite funny. But it’s actually your job as a meteorologist that pushed you into hacking. Hack to prevent being hacked!
That’s quite right ! Perhaps it is linked to my childhood in Guadeloupe. From childhood, I was traumatized by the violence of hurricanes. The number of human deaths and material damage they can do. I made the mix, the weather coupled with my second passion, IT!
NewsletterReceive all the international news directly in your mailbox
Follow all the international news by downloading the RFI application