AFP, published on Saturday, April 02, 2022 at 1:54 p.m.
“This car, it drives with the feet and the hands. And yet, it was also driven by my phone”, assures Gaël Musquet, “ethical” hacker specialist in cybersecurity in transport, on the sidelines of a championship organized in reindeer.
Using a red Toyota hybrid, this 42-year-old West Indian demonstrates some unstoppable techniques for taking control of a car remotely: hacking the keys, the on-board computer or a tire sensor.
“I just plugged my phone into the spinal cord of the car, which passes through the interior rearview mirror. This autopilot is free software, everything can be downloaded from the internet”, he unrolls, black sweatshirt with hood. The demonstration takes place in front of the public on the occasion of the BreizhCTF hacker championship, which welcomed some 500 participants on the night of Friday to Saturday.
“My only merit is to have hijacked this free software designed for American versions of Toyotas, and to have adapted it to European vehicles”, continues the one who is also a meteorologist by training, specializing in the prevention of natural disasters. thanks to digital.
Its goal? Test vehicles so that they can drive themselves “on their own”, even remotely, and uncover security flaws to prevent intrusions by malicious people. Like him, a few hundred hackers around the world work on “cyber automobiles”, sometimes in partnership with manufacturers such as in the United States, “but not in France, which is not the culture”, he judges. .
One of the ways to do these tests is, according to him, to find spare parts on Le Bon Coin to “better understand how they work and divert them”. This is the case with the small valves connected by radio installed on the tires to inform the driver in real time of their pressure level.
– “Digital crash tests” –
“If you have a tire defect, your vehicle lights up a warning light which tells you that you have an under-inflated tire, for example. We hackers draw the attention of manufacturers and equipment manufacturers who have not encrypted communications between this valve and the computer of the car”, underlines Gaël Musquet, whose bedside book is “The car hacker’s handbook” (le manuel du pirate automobile, ndlr).
According to him, it is enough to find the communication frequency of the tire and to obtain an amateur radio antenna to make someone believe that their tires are deflated or have caught fire.
“It’s not science fiction, you can even stop a convoy, and it’s endless because these vehicles will be more and more equipped with computers, sensors”, predicts the “ethical” hacker, which demands the equivalent of “digital crash tests” for all vehicles leaving the factory.
A car key can also be hacked. “Someone just needs to approach me, pick up the signal from my key, duplicate it with a loop antenna and pass by my vehicle to trigger its opening”, he lists, recalling the well-known precept of the community, according to which “with each opportunity, a new vulnerability”.
Already as a child, Gaël Musquet liked to take his toys apart to better understand how they worked. “I was born like that. Even today, my washing machine, my oven, if I can’t take control of it, I’m not satisfied,” he jokes.
“Our role is to see the problems before they happen and to correct the flaws before they are exploited”, he explains, even if the first cyber risk remains above all “theft “.
Almost all means of transport are affected by cybersecurity issues: trains, planes, boats, electric scooters… “Each time we threaten the computer of one of these vehicles, we can endanger human lives,” notes Mr. Musquet, who works with the Air Force.
In Brittany, cybersecurity now generates 8,000 direct and indirect jobs, according to the regional council. The objective is to increase to 80,000 within ten years.