The rise of car hacking: In-car technology has led to thieves remotely taking over our vehicles
The consequences of a car falling under the control of criminals while travelling at speed could be catastrophic. The race is now on to find ways to stop them
Wednesday 18 September 2013
First it was your personal computer. Then it was your phone. Is your car now the number one target for hackers? It's a scary thought. A PC or smartphone hack might be hazardous to your privacy or financial health. But car hacking raises the stakes to a whole new level. The consequences of a car falling under the control of criminals while travelling at speed could be catastrophic. Then there's the prospect of your pride and joy being pinched courtesy of a smartphone app.
But how likely are these nightmare scenarios? In simple terms, car hacking is already happening. BMW made the headlines – and a slot on the BBC's flagship consumer-rights show, Watchdog – for all the wrong reasons last year following a spate of hi-tech thefts of its cars in the Midlands and east London.
Thieves took advantage of a combination of vulnerabilities in factory-fitted alarm systems and a diagnostic port typically used to read fault codes during servicing. They gained access to the port without triggering the alarm and used it to reprogramme blank keys. The whole process takes just a few minutes and the upshot was thieves in possession of fully functioning keys and making off with expensive BMWs almost at will. BMW has since released a software update to remove the vulnerability. That's reassuring but will be little consolation to those who had their cars stolen.
More recently, cyber-security researchers based in the US showed how the latest safety and self-driving car technology could be turned against vehicle owners.
Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at security firm IOActive, aimed to increase awareness of car hackability by hooking up a Nintendo game-console controller to a US-market Ford Escape SUV.
They were able to accelerate, brake and steer as though they were playing a video game. Except this wasn't a game. It was a very real two-tonne SUV and it had been comprehensively hacked. Miller and Valasek also wired into a Toyota Prius hybrid car using a laptop computer and took control of several safety-critical systems including the brakes.
If there is a good news angle to this, it's that those exploits, along with the BMW thefts, all require physical access to cars. Where things get really worrying is the potential for wireless attacks. What if the bad guys could compromise your car as easily as they take over your laptop's web browser? And do it from behind a computer screen hundreds or thousands of miles away?
And they might just be able to, thanks to two key trends in car tech. The first is automation. The latest cars can pack 30 or more electronic control units or ECUs. These tiny digital brains now have at least partial control over everything from steering and braking to suspension settings and throttle inputs. The problem is, anything controlled by computers is hackable.
Security experts Charlie Miller (left) and Chris Valasek hooked up a Nintendo console controller to a Ford Escape SUV and took it for a spin (Forbes)
The other part of the puzzle is connectivity. Wireless technologies such as Bluetooth and Wi-Fi and cellular data such as 3G are now widespread in new cars, allowing remote access to in-car systems. Most new cars also offer USB connectivity with some level of in-car smartphone syncing or integration. Even if your car doesn't have wireless capability of its own, plugging in a smartphone effectively puts it on the net and at risk of a cyber attack.
It's that combination of automation and connectivity that could create a perfect storm of wireless hackability. If that's the theory, what's the reality of wireless car exploits today? Professor Stefan Savage of the University of California, San Diego, is one of the world's leading experts on automotive cyber security. He told The Independent that wireless attacks are indeed possible. He says he knows this because he and his research team have done just that themselves.
"We demonstrated remote wireless exploitation of vehicles using both Bluetooth and cellular networks via software bugs in media-player firmware and diagnostic systems," Savage reveals. "We then had fairly arbitrary control over other ECUs including the ability to remotely brake or turn off the brakes altogether." Terrifying stuff.
However, Savage doesn't think this necessarily means remote car hacking is an immediate safety concern with current cars.
"This kind of work takes quite a bit of time and skill, not to mention resources to buy test cars. Then there's the question of motive. Who wants to mess with the brakes of a typical driver? What's in it for the attacker? In practice, this kind of attack is about theft and mainly concerns immobiliser, door-lock and engine-start technology," he reckons.
What's more, car-makers are now much more aware of the risks posed by car hacks than even a few years ago. Several car manufacturers we spoke to (see right) emphasise efforts made to separate critical car-control systems from user-accessible and networked features such as multimedia and entertainment set ups.
If history proves anything about modern electronics, it's that there's no such thing as a completely hack-proof computer system. Very likely it's a question of when, not if, cars are stolen or crashed courtesy of a wireless exploit. But cars are made up of multiple systems. They aren't highly integrated devices like laptops or phones. That gives manufacturers a decent shot at restricting hacking to a rare occurrence and preventing cars from suffering the sort of malware plague that currently afflicts personal-computing devices.
The future of road safety depends on it.
Hack attack! How are leading car brands responding?
"Audi UK is aware of a relatively small number of Audi vehicle thefts which have allegedly been carried out using computer technology to eliminate the need for an ignition key. We will always exhaustively investigate any potential threat to the security of our cars in conjunction with the relevant authorities. To date we have absolutely no conclusive proof that our vehicle security systems can be breached in this way."
"We build in firewalls and application 'white-lists' to separate vehicle control systems from the infotainment functionality and connectivity. Cryptography is also used to restrict unwanted updates to multimedia software or access to potentially sensitive information. Software updates must be "code-signed" and recognised as coming from Ford in order to update systems such as SYNC (Ford's in-car multimedia platform)."
"Our COMAND multimedia system can connect to the internet and the assumption may be that this leaves it exposed to hackers. However COMAND operates independently of critical vehicle systems such as braking, steering, accelerating and various safety technologies. Even if COMAND was compromised, our cars would remain safe at all times."
"Our company's focus is to prevent hacking into a vehicle's by-wire control system from a remote/wireless device outside of the vehicle.
"Toyota has developed very effective firewall technology against remote attacks. We believe that our systems are robust and secure."
Life & Style blogs
Watching TV after work makes you feel 'guilty and like a failure'
Zebra meat: Exotic and lean - but does it taste good?
Alien: Isolation preview - If you scream in space, it makes a sound
Xiaomi Mi4: 'Chinese Apple' launches flagship mobile to challenge iPhone
How to make your own gourmet ice lollies, granitas, slushy cocktails and frozen yoghurt
Malaysia Airlines MH17 crash: Vladimir Putin is given 'one last chance' to end hostilities in Ukraine
The 'scroungers’ fight back: The welfare claimants battling to alter stereotypes
The truth about conspiracy theories is that some require considering
Arizona execution lasts two hours as killer Joseph Wood left 'snorting and gasping' for air
Malaysia Airlines MH17 crash: Ukrainian military jet was flying close to passenger plane before it was shot down, says Russian officer
Malaysia Airlines MH17 crash: Massive rise in sale of British arms to Russia
- 1 Malaysian cyclist could face disciplinary action after 'Save Gaza' gloves protest
- 2 Is Gideon Levy the most hated man in Israel or just the most heroic?
- 3 McDonald’s removes chicken nuggets from the menu in Hong Kong amid major food scare
- 4 Students offered grants if they tweet pro-Israeli propaganda
- 5 Satellite full of sexually experimental geckos adrift in space, Russia loses control of mission
£600 - £650 per day: Orgtel: Conduct Risk Liaison Manager - Banking - London -...
Highly Attractive Package: Austen Lloyd: CITY - COMMERCIAL LITIGATION - GLOBAL...
£65000 - £75000 per annum + Benefits: Progressive Recruitment: The client is a...
£40000 - £45000 per annum: Ashdown Group: A well-established software house ba...