Would you be crestfallen if you came to know that your car could be unlocked and its engine could be started without even your knowledge?
However mindboggling it might sound, a 20-year-old man from the city has demonstrated to around 30,000 cybersecurity experts from across the world how a 2018 model of Honda Civic could be hacked using a ridiculously simple method.
Ayyappan Rajesh is one of the two researchers to have penned a report published in March, which showed that cars manufactured by Honda are vulnerable to hacking. This can be done by intercepting and copying signals sent to the vehicle through the key fob.
The computer engineering student of UMass, Dartmouth, recently attended DEFCON, an annual convention of ethical hackers and cybersecurity experts, held in Nevada, Las Vegas.
“At DEFCON, I talked about my discovery, and also had a car hacking village demonstration where anyone could hack a 2018 Honda Civic using a ‘flipper’, a custom-made device. It was very well received and I got the opportunity to display the hack to none other than Chris Inglis, US President Joe Biden’s cybersecurity advisor,” Rajesh told HT.
Inglis, who is also the national cyber director of the US, presented Rajesh with a challenge coin as a token of appreciation.
Speaking further about the Honda hacking, he said, “There are tools available for under $200 that a 10-year-old with little to no technological knowledge could use to exploit the flaw. Forget the issue of having your belongings taken, access to a particular port present inside the car could let someone take complete control of your vehicle. Researchers have even been able to kill the engine in a moving vehicle.”
This vulnerability has now been officially recognised by the global cybersecurity community and assigned a common vulnerabilities and exploits number.
Rajesh recalled how excited he was to also meet cybersecurity legends like Jen Easterly, director, Cybersecurity and Infrastructure Security Agency, as well as civilian experts that he has always been a fan of.
Rajesh grew up in Mumbai and attended Indus International High School in Bangalore before leaving for the US to pursue a bachelor’s degree. He had completed several internships, including one with the Gurugram police, where he learned about the Information Technology Act, 2000, and another at the National Critical Information Infrastructure Protection Centre.
“My interest in cybersecurity began while learning about iOS app development through my first guru at Nimap Infotech. I had created a small game back then and was fascinated by the concept of ‘jailbreaking’ devices and have complete control over what I could do with it,” he said.
Rajesh is now starting a project with some veteran cybersecurity experts to build a team worldwide to research known flaws in key fob security.
DEFCON, one of the most sought-after conventions in cybersecurity, derives its name from the term “defence ready condition”, used by the Pentagon to indicate the level of threat faced from other nations.