Although hacking is not a new phenomenon, it has received a great deal of media attention in recent years. There have been numerous reports of hackers infiltrating computer systems ranging from major retailers to the Pentagon. Since modern cars contain between 50 and 100 miniature computers internally connecting various systems, concerns have surfaced that they could also be hacked.
Worries have increased as more and more cars are equipped with Internet-connected devices, such as Bluetooth, dashboard tablets and wireless entertainment systems. Although it is theoretically possible for a car to be hacked, the reality is quite different from the scenarios presented by filmmakers. Before addressing the reasons why you do not need to be overly concerned about car hacking, it might be helpful to explain exactly what car hacking is and why the issue has received so much attention.
What is Car Hacking?
New cars are often referred to as computers on wheels. New car models have microcomputers that monitor most of their systems, such as tire pressure, fuel mixture, automatic locking of the doors once a certain speed is attained and so on. There may also be computers attached to a GPS system, the Wi-Fi hotspot or an audio system of a car.
If the hackers were to gain control over one computer, they could access all of the other computers. The hacker could shut down your ignition, turn off your lights, change your vehicle’s speed or disable your door locks. Although such scenarios are theoretically possible, they are not very probable, given the complexities involved in hacking a car. Hackers typically do what they do for financial rewards, and there is little profit in injuring or frightening an individual.
Car Hacking: Is it Already Happening?
Since 1968, the CBS news program, “60 Minutes,” has had a reputation for investigative journalism. Due to the show’s high ratings, when a report appears on “60 Minutes,” it tends to generate a great deal of public interest. The story on car hacking that aired on February 2015 was no exception, spawning an upsurge in concerns about the issue.
The story demonstrated that it was indeed possible to hack a car. However, the process was not easy, and it was only successful after a laptop was physically connected to the car’s systems. It was then possible to take over some of the car’s systems, including the wipers, the brakes and the acceleration.
In 2014, Chris Valasek and Charlie Miller, two white-hat hackers, conducted extensive analysis on a variety of automotive makes and models. They discovered that some models were more vulnerable to hackers than others. However, although they warned that the threat of car hacking is real, they have also emphasized that the issue is more of a future threat than a current one.
Experts have identified three different types of attacks that car hackers could use.
- Indirect physical attacks require hackers to exploit one of the car’s physical access points by either indirect or direct means. For example, cars have an OBD-II port that is used by technicians during diagnostics or maintenance procedures by either plugging in a device or using a handheld sensor. Other possible access points include a digital multimedia port, iPod or even some stand-alone CD players.
- Short-range wireless attacks exploit interfaces that only work within a limited range. These include Bluetooth connections, Wi-Fi hotspots, remote keyless entry systems and tire-pressure monitoring systems. Keys equipped with a computer chip (RFID keys) are also a potential threat surface.
- Long-range wireless signals are the third type of potential attack. Modern cars can be equipped with a variety of receivers that have the ability “pick up” distant signals. These include the GPS system, satellite radio and on-demand broadcast channels. Another vulnerability exists with systems that are continuously connected to provide crash reporting, diagnostics or the ability to track and disable a stolen car.
What Happens when a Car is Hacked?
Although there have been several studies conducted on the issue of car hacking, there are two extensive research projects that stand out. Both were conducted jointly by researchers from the University of Washington and the University of California San Diego. The first study was conducted in 2010 and focused on what a hacker could do if he were able to gain control of a car. The second study, which took place in 2011, focused on the probability that a hacker could gain control of a car’s internal computers without having direct access.
Researchers demonstrated that if a hacker were to seize control of a car, it was possible for the hacker to force all of the following actions:
- • Pop the trunk.
- • Operate windshield wipers continuously.
- • Unlock all of the doors or disable the ability to unlock them.
- • Activate the horn continuously or intermittently and control frequency.
- • Disable headlights and turn off auxiliary and brake lights.
- • Spray windshield fluid continuously.
- • Control the brightness of instrument panel and dome light.
- • Turn off the windshield wipers.
- • Disable power steering and brakes.
- • Engage brakes unevenly.
- • Grind the starter.
- • Increase the RPM, even when at idle.
- • Shut down the engine.
- • Return a false speedometer reading.
- • Change the radio volume and/or display.
- • Adjust the heater and air conditioner, including the fans.
Is Your Car at Risk?
In today’s world, it is virtually impossible to state that something is impossible. However, the laws of probability can help calculate the statistical chance of an event occurring. Compared to having your car hacked, you are far more likely to have one of the following events occur:
- Being hit by a meteorite.
- Winning the lottery jackpot.
- Winning a lottery jackpot twice.
Although there is a potential risk of your car being hacked, the chances of it actually happening are so low as to be insignificant. Researchers could only control the hacked car if they first established a physical connection to it. There is also the problem of the difficulty involved; hackers would need to target a specific vehicle and tailor their code to breach its defenses. To hack just a single car requires considerable effort, time and financial resources.
Despite what the filmmakers would have you believe about car hacking, the reality does not support their scenarios.
- The circuitry and computers in cars are closed systems.
- They do not receive signals from outside the car, even if they are providing Internet connectivity.
- Closed systems make it virtually impossible to access the car remotely.
- The greatest risk is actually the car’s owner. Many cars today come with dashboards that function as tablets or entertainment systems and allow downloading from the web. Owners may bypass the official app store and download an app or file from a site that contains malware or a virus. Even then, the chances that a hacker could exploit the malicious app are extremely remote.
Auto manufacturers are adding security features, such as firewalls, to control the flow of information between systems to ensure that no malicious code is passed between them.
- Manufacturers are working with expert white-hat hackers to find and fix potential security risks. The hackers do their best to compromise the system, and even a small success means that the manufacturer will increase the security standards.
Furthermore, automakers are keenly aware of the potential problems posed by hackers. They are working diligently to harden their systems against hackers, installing additional protections and undertaking extensive code revisions. By the time hackers uncover an effective way to hack today’s cars, their methods will be obsolete. In short, even as the number of new cars that are connected to the web increases, they will become less vulnerable with each year.
What Does the Latest Development Say?
An invention that should make protecting against hackers even easier is the brainchild of Eric Evenchick. He has developed a low-cost device that can be connected to a car’s OBD-II port to make testing easier. Called CANtact, the device features open-source coding to allow industry programmers to develop fixes for specific vulnerabilities they uncover during testing.
The device should help overcome one of the most critical issues in the battle against car hacking — limited knowledge on how the car’s computer systems actually work. With CANtact, the programmers will be able to test the security systems, even though they do not know the automakers’ code and have limited knowledge regarding how all of the microcomputers are networked. It should be noted that CANtact only works when it is physically connected to a car and is used for testing purposes only.
Here a short video of what is possible if your car is hacked:
Are you worried about your car being hacked?
It is not at all probable that your car will be hacked, even though it is possible to do so in controlled environments. The most troublesome part about car hacking is the hype that has been created around it and a disregard of the actual facts regarding car hacking. Car manufacturers are making sure that the only car hacking that is possible is the one that’s being done during their internal testing runs.
What is your opinion on this issue? Do you think the concern is justified?