The rise of car hacking: In-car technology has led to thieves remotely taking over our vehicles

The consequences of a car falling under the control of criminals while travelling at speed could be catastrophic. The race is now on to find ways to stop them

First it was your personal computer. Then it was your phone. Is your car now the number one target for hackers? It's a scary thought. A PC or smartphone hack might be hazardous to your privacy or financial health. But car hacking raises the stakes to a whole new level. The consequences of a car falling under the control of criminals while travelling at speed could be catastrophic. Then there's the prospect of your pride and joy being pinched courtesy of a smartphone app.

But how likely are these nightmare scenarios? In simple terms, car hacking is already happening. BMW made the headlines – and a slot on the BBC's flagship consumer-rights show, Watchdog – for all the wrong reasons last year following a spate of hi-tech thefts of its cars in the Midlands and east London.

Thieves took advantage of a combination of vulnerabilities in factory-fitted alarm systems and a diagnostic port typically used to read fault codes during servicing. They gained access to the port without triggering the alarm and used it to reprogramme blank keys. The whole process takes just a few minutes and the upshot was thieves in possession of fully functioning keys and making off with expensive BMWs almost at will. BMW has since released a software update to remove the vulnerability. That's reassuring but will be little consolation to those who had their cars stolen.

More recently, cyber-security researchers based in the US showed how the latest safety and self-driving car technology could be turned against vehicle owners.

Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of security intelligence at security firm IOActive, aimed to increase awareness of car hackability by hooking up a Nintendo game-console controller to a US-market Ford Escape SUV.

They were able to accelerate, brake and steer as though they were playing a video game. Except this wasn't a game. It was a very real two-tonne SUV and it had been comprehensively hacked. Miller and Valasek also wired into a Toyota Prius hybrid car using a laptop computer and took control of several safety-critical systems including the brakes.

If there is a good news angle to this, it's that those exploits, along with the BMW thefts, all require physical access to cars. Where things get really worrying is the potential for wireless attacks. What if the bad guys could compromise your car as easily as they take over your laptop's web browser? And do it from behind a computer screen hundreds or thousands of miles away?

And they might just be able to, thanks to two key trends in car tech. The first is automation. The latest cars can pack 30 or more electronic control units or ECUs. These tiny digital brains now have at least partial control over everything from steering and braking to suspension settings and throttle inputs. The problem is, anything controlled by computers is hackable.

Security experts Charlie Miller (left) and Chris Valasek hooked up a Nintendo console controller to a Ford Escape SUV and took it for a spin (Forbes) Security experts Charlie Miller (left) and Chris Valasek hooked up a Nintendo console controller to a Ford Escape SUV and took it for a spin (Forbes)  

The other part of the puzzle is connectivity. Wireless technologies such as Bluetooth and Wi-Fi and cellular data such as 3G are now widespread in new cars, allowing remote access to in-car systems. Most new cars also offer USB connectivity with some level of in-car smartphone syncing or integration. Even if your car doesn't have wireless capability of its own, plugging in a smartphone effectively puts it on the net and at risk of a cyber attack.

It's that combination of automation and connectivity that could create a perfect storm of wireless hackability. If that's the theory, what's the reality of wireless car exploits today? Professor Stefan Savage of the University of California, San Diego, is one of the world's leading experts on automotive cyber security. He told The Independent that wireless attacks are indeed possible. He says he knows this because he and his research team have done just that themselves.

"We demonstrated remote wireless exploitation of vehicles using both Bluetooth and cellular networks via software bugs in media-player firmware and diagnostic systems," Savage reveals. "We then had fairly arbitrary control over other ECUs including the ability to remotely brake or turn off the brakes altogether." Terrifying stuff.

However, Savage doesn't think this necessarily means remote car hacking is an immediate safety concern with current cars.

"This kind of work takes quite a bit of time and skill, not to mention resources to buy test cars. Then there's the question of motive. Who wants to mess with the brakes of a typical driver? What's in it for the attacker? In practice, this kind of attack is about theft and mainly concerns immobiliser, door-lock and engine-start technology," he reckons.

What's more, car-makers are now much more aware of the risks posed by car hacks than even a few years ago. Several car manufacturers we spoke to (see right) emphasise efforts made to separate critical car-control systems from user-accessible and networked features such as multimedia and entertainment set ups.

If history proves anything about modern electronics, it's that there's no such thing as a completely hack-proof computer system. Very likely it's a question of when, not if, cars are stolen or crashed courtesy of a wireless exploit. But cars are made up of multiple systems. They aren't highly integrated devices like laptops or phones. That gives manufacturers a decent shot at restricting hacking to a rare occurrence and preventing cars from suffering the sort of malware plague that currently afflicts personal-computing devices.

The future of road safety depends on it.

Hack attack! How are leading car brands responding?

Audi

"Audi UK is aware of a relatively small number of Audi vehicle thefts which have allegedly been carried out using computer technology to eliminate the need for an ignition key. We will always exhaustively investigate any potential threat to the security of our cars in conjunction with the relevant authorities. To date we have absolutely no conclusive proof that our vehicle security systems can be breached in this way."

Ford

"We build in firewalls and application 'white-lists' to separate vehicle control systems from the infotainment functionality and connectivity. Cryptography is also used to restrict unwanted updates to multimedia software or access to potentially sensitive information. Software updates must be "code-signed" and recognised as coming from Ford in order to update systems such as SYNC (Ford's in-car multimedia platform)."

Mercedes-Benz

"Our COMAND multimedia system can connect to the internet and the assumption may be that this leaves it exposed to hackers. However COMAND operates independently of critical vehicle systems such as braking, steering, accelerating and various safety technologies. Even if COMAND was compromised, our cars would remain safe at all times."

Toyota

"Our company's focus is to prevent hacking into a vehicle's by-wire control system from a remote/wireless device outside of the vehicle.

"Toyota has developed very effective firewall technology against remote attacks. We believe that our systems are robust and secure."

News
Susan Sarandon described David Bowie as
peopleSusan Sarandon reveals more on her David Bowie romance
Sport
sportDidier Drogba returns to Chelsea on one-year deal
News
people
Arts and Entertainment
Christian Grey cradles Ana in the Fifty Shades of Grey film
filmFifty Shades of Grey trailer provokes moral outrage in US
PROMOTED VIDEO
Sport
Louis van Gaal would have been impressed with Darren Fletcher’s performance against LA Galaxy during Manchester United’s 7-0 victory
football
Voices
The new dawn heralded by George Osborne has yet to rise
voicesJames Moore: As the Tories rub their hands together, the average voter will be asking why they're not getting a piece of the action
Sport
Dejan Lovren celebrates scoring for Southampton although the goal was later credited to Adam Lallana
sport
News
newsComedy club forced to apologise as maggots eating a dead pigeon fall out of air-conditioning
Arts and Entertainment
Jo Brand says she's mellowed a lot
tvJo Brand says shows encourage people to laugh at the vulnerable
Life and Style
People may feel that they're procrastinating by watching TV in the evening
life
Sport
Rhys Williams
commonwealth games
News
Isis fighters travel in a vehicle as they take part in a military parade along the streets of Syria's northern Raqqa province
i100
Arts and Entertainment
Southern charm: Nicolas Cage and Tye Sheridan in ‘Joe’
filmReview: Actor delivers astonishing performance in low budget drama
Life and Style
fashionLatex dresses hit the catwalk to raise awareness for HIV and Aids
Travel
travel
Independent
Travel Shop
the manor
Up to 70% off luxury travel
on city breaks Find out more
santorini
Up to 70% off luxury travel
on chic beach resorts Find out more
sardina foodie
Up to 70% off luxury travel
on country retreats Find out more
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs General

    Senior Risk Manager - Banking - London - £650

    £600 - £650 per day: Orgtel: Conduct Risk Liaison Manager - Banking - London -...

    Commercial Litigation Associate

    Highly Attractive Package: Austen Lloyd: CITY - COMMERCIAL LITIGATION - GLOBAL...

    Systems Manager - Dynamics AX

    £65000 - £75000 per annum + Benefits: Progressive Recruitment: The client is a...

    Service Delivery Manager (Software Development, Testing)

    £40000 - £45000 per annum: Ashdown Group: A well-established software house ba...

    Day In a Page

    Backhanders, bribery and abuses of power have soared in China as economy surges

    Bribery and abuses of power soar in China

    The bribery is fuelled by the surge in China's economy but the rules of corruption are subtle and unspoken, finds Evan Osnos, as he learns the dark arts from a master
    Commonwealth Games 2014: Highland terriers stole the show at the opening ceremony

    Highland terriers steal the show at opening ceremony

    Gillian Orr explores why a dog loved by film stars and presidents is finally having its day
    German art world rocked as artists use renowned fat sculpture to distil schnapps

    Brewing the fat from artwork angers widow of sculptor

    Part of Joseph Beuys' 1982 sculpture 'Fettecke' used to distil schnapps
    BBC's The Secret History of Our Streets reveals a fascinating window into Britain's past

    BBC takes viewers back down memory lane

    The Secret History of Our Streets, which returns with three films looking at Scottish streets, is the inverse of Benefits Street - delivering warmth instead of cynicism
    Joe, film review: Nicolas Cage delivers an astonishing performance in low budget drama

    Nicolas Cage shines in low-budget drama Joe

    Cage plays an ex-con in David Gordon Green's independent drama, which has been adapted from a novel by Larry Brown
    How to make your own gourmet ice lollies, granitas, slushy cocktails and frozen yoghurt

    Make your own ice lollies and frozen yoghurt

    Think outside the cool box for this summer's tempting frozen treats
    Ford Fiesta is UK's most popular car of all-time, with sales topping 4.1 million since 1976

    Fiesta is UK's most popular car of all-time

    Sales have topped 4.1 million since 1976. To celebrate this milestone, four Independent writers recall their Fiestas with pride
    10 best reed diffusers

    Heaven scent: 10 best reed diffusers

    Keep your rooms smelling summery and fresh with one of these subtle but distinctive home fragrances that’ll last you months
    Commonwealth Games 2014: Female boxers set to compete for first time

    Female boxers set to compete at Commonwealth Games for first time

    There’s no favourites and with no headguards anything could happen
    Five things we’ve learned so far about Manchester United under Louis van Gaal

    Five things we’ve learned so far about United under Van Gaal

    It’s impossible to avoid the impression that the Dutch manager is playing to the gallery a little
    Screwing your way to the top? Good for Lana Del Rey for helping kill that myth

    Screwing your way to the top?

    Good for Lana Del Rey for helping kill that myth, says Grace Dent
    Will the young Britons fighting in Syria be allowed to return home and resume their lives?

    Will Britons fighting in Syria be able to resume their lives?

    Tony Blair's Terrorism Act 2006 has made it an offence to take part in military action abroad with a "political, ideological, religious or racial motive"
    Beyoncé poses as Rosie the Riveter, the wartime poster girl who became a feminist pin-up

    Beyoncé poses as Rosie the Riveter

    The wartime poster girl became the ultimate American symbol of female empowerment
    The quest to find the perfect pair of earphones: Are custom, 3D printed earbuds the solution?

    The quest to find the perfect pair of earphones

    Earphones don't fit properly, offer mediocre audio quality and can even be painful. So the quest to design the perfect pair is music to Seth Stevenson's ears
    US Army's shooting star: Lt-Col Steven Cole is the man Hollywood calls when it wants to borrow a tank or check a military uniform

    Meet the US Army's shooting star

    Lt-Col Steven Cole is the man Hollywood calls when it wants to borrow a tank or check a military uniform