The cars rolling out of production nowadays are more like large computers on wheels than conventional cars. More systems are being installed in cars to make our rides smoother, fun and more entertaining. Cars connected to the internet are commonplace in this age, and as we all know, any physical device with internet connectivity can be the target of cyber-attacks. These advances in car design have therefore added cars to the list of things that hackers can mess with for fun and profit. What is even scarier is that recent studies have shown that your car doesn’t even need to be connected to the internet to be hackable; it can even be tampered with though the Bluetooth connectivity of a device in the car. So, yes, unfortunately, your car could get hacked!
The following facts will walk you through the rapidly growing threat of car hacking.
1. Who discovered cars could be hacked?
Back in 2013, fear that cars were hackable resulted in two researchers, Chris Valasek and Charlie Miller, being given an $80,000 grant by a research agency in the Pentagon to research security susceptibilities in cars. They made their break in early 2015 when they successfully hacked a 2014 Jeep Cherokee. They achieved this through exploiting a weakness in the car’s radio system, and they proceeded to remotely take control of the car’s radio, air-conditioning as well as the engine and the brakes. Their discovery led to a massive recall by Fiat Chrysler Automobiles for Chryslers, Dodges, and Jeeps for software updates.
2. Connected Cars: the challenge they pose
Connected cars are said to be the future of the auto industry. Millions of them are already rolling on the streets, and the expectation is that by 2020, almost all manufactured cars will be connected. As much as connected cars have their advantages, they also provide a hacking platform for hackers to access a car’s delicate CAN (controller area network) bus. Once hackers have gotten this access, they are in a position to remotely send commands to the various controllers in the car in order to track the car, steal data (private or corporate) or even take over various functions of the car. The latter ranges from non-safety functions such as talking over windshield wipers, the infotainment system, to very safety-critical functions such as disabling the braking system or switching off the engine while in transit.
3. Cars don’t need internet connectivity to be hacked
The popular misguided belief is that only cars connected to the internet can be hacked. Well in early 2015, a project involving the Virginia state police, the Mitre Corp and the University of Virginia found out that certain non-networked cars could be meddled with. They experimented with the 2013 Ford Tauruses and the 2012 Chevrolet Impala and discovered that they could make the car “refuse” to go from park to drive and take over the engine. Attack codes written by Mitre Corp were able to lock driver’s door, unlock the passengers’ door, open the trunk as well as take over the windshield wiper system.
In a different experiment, Promon Technologies showed how they could use an app to drive off with another person’s Tesla car. The app not only enabled access to the car allowing it to be driven away but was also used to track the location of the car in the first place.
Although these attacks are not as easy as for connected cars, they are proof that internet connection is not required for hacking a car.
4. Driverless cars are next on the list for cyber criminals
With Nunotomy having rolled the first batch of driverless cars in Singapore, concerns over their safety are at an all-time high. Some of the security concerns have been proven at the moment, with a researcher having shown that a laser pointer could interfere with the mechanisms used to drive these cars. The development of driverless cars is still at an infant stage, and we can only wait and see how manufacturers will deal with the hacking threat, and how cyber criminals will respond. Besides, the war is never won; when safety organizations upgrade firewalls, hackers upgrade too.
What are your thoughts on car hacking? Are there ways we can protect our cars from being hacked?