How wireless technology makes your car hackable

September 2, 2015 | 0 Comments

Car manufacturers are loading up new cars with many technologies that drivers don’t want or use… and these add-ons could render the cars potentially more hackable. As a J.D. Power survey reports, 20 percent of new vehicle-owners surveyed were not using their vehicles’ interactive features, among them, the in-vehicle concierge, the 3G or 4G router, automated parking, head-up display and others.

OSX car

Wireless technology in cars that goes largely unused by their owners also leaves the door open to hackers. Image from erKURITA.

Certain wireless features aren’t just unwanted by drivers; in-car entertainment, for one, can also be a portal for hackers to take control of the wheel. Two hackers recently usurped control of a Jeep Cherokee in downtown St. Louis as part of a project to expose the car’s vulnerabilities. As Wired reports, hackers Charlie Miller and Chris Valasek tested their car-hacking research using software that sends commands via a Jeep Cherokee’s entertainment system to control its dashboard functions, steering, brakes, and transmission. They can also lower speeds and kill the engine and either engage the brakes or disable them.

Partially as a result of the pair’s work to expose vehicles’ wireless vulnerabilities, senators Ed Markey and Richard Blumenthal are now endeavoring an automotive security bill that would introduce new digital security standards; or, as Wired terms it, an “anti-hacking antidote.” The bill would also require automakers to inform consumers about how data from vehicles is collected and sold, and allow people to opt out of marketing. (You can read more about the bill online here.)

Certain cars are more hackable than others: the 2014 Jeep Cherokee, the 2014 Infiniti Q35, 2015 Cadillac Escalade, the 2014 and 2010 Toyota Prius, and the 2014 Ford Fusion, according to research from forensic engineering firm PT&CLWG. The reason? Wired explains: “The first was the size of their wireless ‘attack surface’—features like Bluetooth, Wi-Fi, cellular network connections, keyless entry systems, and even radio-readable tire pressure monitoring systems,” because these radio connections are potential hacker entry points. Also significant: how much access these entries allowed to steering and brakes systems, and lastly, features like automated braking, parking and lane assist.

Yet, as research points out, technology itself may not be the problem. Car manufacturers can fight technology with smart design. The real issue is the network layout of the car. Take the Audi A8, for example, which has wireless features that are separated from its driving functions on the car’s internal network, “with a gateway that would block commands sent to steering or brakes from any compromised radios.” On the other hand, the Cadillac’s Bluetooth and telematics systems are located on the same network as its engine controls, brakes, steering and tire pressure monitor system, leaving these aspects vulnerable.

The least hackable cars, according to recent research, are the 2014 Audi A8, 2014 Dodge Viper, 2014 Honda Accord and Tesla Model S. These cars contain the fewest networked and computerized features, which means that the vehicle’s networks aren’t able to communicate with parts of the computer such as power steering, sunroof and door locks.

Does your car make the most recent most-hackable list? Find out, and learn more about car hacking safety in PT&CLWG’s handy infographic here.

Category: Uncategorized