An associate professor at the Hiroshima City University’s Graduate School of Information Sciences has managed to hack into a 2013 Toyota Corolla Fielder Hybrid and control certain functions of the car remotely, exposing a potential security flaw in vehicles connected to the Internet, according to Kyodo News.

Hiroyuki Inoue managed to open and close the windows, manipulate the speedometer to show an incorrect reading and disable the accelerator all through a smartphone and a WiFi device constructed from 10,000 yen (RM350) worth of commercially-available parts, the latter plugged into the car’s OBD-II diagnostics port.

This gave him access to unencrypted data inside the car’s computer, which controls engine, braking and other functions, although he still was not able to start the engine or turn the steering wheel. Despite this, Inoue was able to move the speedometer to the maximum 180 km/h mark even when the car was stationary, and employed a distributed denial of service (DDoS) attack to paralyse the car, making it unable to move.

And while Inoue said that cars with no Internet access cannot be hacked through this method, he warned that as manufacturers are equipping vehicles with Internet connectivity for features such as autonomous driving, future cars could be made vulnerable to the exploit. The details of the experiment was shared at a symposium on cyber security in Okinawa this week.

“Important [data] communication was in full view from outside. Other cars could also be subject to hacking in the same way,” Inoue said, adding that the data communication in cars needs to be encrypted, and steps have to be taken to protect systems from unauthorised external access.

A Japan Automobile Manufacturers Association (JAMA) official said that the industry will cooperate with the government on solving this issue, while Toyota has said that it will continue to work on enhancing protection on information security.