Should You Lose Sleep Over Car Hacking?
Today’s world is a hacker’s playground. Every few months, you hear about websites falling victim to cyber attacks. The White House has been hacked, perhaps forcing a groggy Obama to deal with the crisis while still in his pjs. More recently, hackers exposed the folks on Ashley Madison, rendering the excuses of many men and women, useless. Unfortunately, websites aren’t the only targets. Due to the installation of modern technology in new vehicles, there are concerns of a new security threat – car hacking (not necessarily the same thing as carjacking). You may have heard some recent reports of this in the news, or read about them online. But should they scare you?
Sorry to break the news to you, but your car may be a moving target. Now that your average automobile is so high-tech, it appears that cyber criminals have more opportunities to break into them and cause mayhem from a distance. And some of the reports are true – a few individuals with too much time on their hands can seize control over your car from far away. In effect, they have literally turned some vehicles into remote-controlled cars. Understandably, it is frightening.
The Jeep that Went to Sleep
Andy Greenberg, a writer for WIRED, volunteered to sit behind the wheel of a hacked Jeep Cherokee. While driving in downtown St. Louis, the car started “acting up” – the AC started blasting, the radio changed to a local hip-hop station, and the windshield wipers turned on – all of this happened without him laying a finger on the dashboard. And if that wasn’t enough, cyber security researchers, Charlie Miller and Chris Valasek hacked the Jeep even further while Greenberg was driving (reminding him not to panic). The result?
The accelerator stopping working despite Greenberg pressing hard on the pedal, slowing the car down to a snail’s pace. Frantically trying to avoid traffic, he managed to dodge a collision with a semi-trailer, and was luckily able to bring the car onto an exit ramp where he could safely continue the experiment. To make a long (horror) story short, the Jeep ended sliding into a ditch when Miller seized the brakes. Fortunately, Greenberg walked away unharmed.
To Miller and Valasek, taking control of the Jeep probably felt like a racing game. Thanks to their hack, they could kill the engine, track the Jeep’s coordinates, and even steer it (although it would have to be in reverse). There are a few lesson you could take away from this: 1) High-tech cars are vulnerable to cyber hacks, 2) Manufacturers will have to step up their security measures 3) Don’t get Charlie Miller or Chris Valasek angry – you won’t like what happens if you do.
9 Hackable Cars
These nine cars were afflicted with the security glitch that made them prone to cyber hacks.
- 2014 Jeep Cherokee – Andy Greenberg knows about the Jeep Cherokee firsthand. Miller and Valasek demonstrated their ability to take control of the car’s steering systems, brakes and engines. They could also disengage its lane-departure warnings and crash mitigation systems.
- 2014 Infiniti Q50 – The Q50 wasn’t as problematic as the Cherokee, but its vulnerabilities included steering and cruise control which could be seized by hackers.
- 2014 Toyota Prius – Miller and Valasek experimented on the Prius back in 2013. They were able to sabotage self-parking and collision avoidance systems. Additionally, they were able to compromise the car’s keyless entry and radio/cellular networks.
- 2014 Ford Fusion – Wi-Fi and Bluetooth connectivity suffer when the Ford Fusion gets hacked. Additional vulnerabilities include problems with remote keyless entry, and navigation.
- 2014 BMW X3 – Much like the Ford Fusion, the hacking of a BMW X3 might not be too dangerous, but it would annoy a driver. There are issues with the AM/FM/XM radio, remote keyless entry and Bluetooth/Wi-Fi connections.
- 2014 Chrysler 300 – The Chrysler 300 looks tough when it sits on the road, but a little tampering has proved otherwise. Hackers can fiddle with its cruise control and park assist, along with its wireless connectivity (Wi-Fi/Bluetooth) and radio (AM/FM/XM).
- 2014 Range Rover Evoque – The Range Rover Evoque appears to have serious weak spots in terms of security. Hackers can mess with several electronic features, such as its cruise control, power-steering and self-parking. Additionally, they can control the Rover’s keyless entry features and wireless settings.
- 2010 Toyota Prius – Much like the 2014 edition, the 2010 Prius had its self-park and pre-collision systems compromised. Also, it’s AM/FM/XM radio was at risk, along with its Bluetooth connectivity and keyless entry.
- 2015 Cadillac Escalade – If you thought gas expenses are the bane of owning an Escalade, there’s more to think about. Car hacking one of these beasts could cause problems with the engine, braking, and steering. It’s wireless connectivity (Wi-Fi/Bluetooth) and keyless entry could also be affected to varying degrees.
No Need for Nightmares
Reading Andy Greenberg’s story will certainly scare some of you. But there’s good news. Miller and Valasek are among a gifted few who have the skills to actually pull off a cyber attack on cars. They’ve worked on this for many years, tampering with computer systems in cars to learn their weaknesses. They won’t publish the code used for their hacks, and they wouldn’t even disclosed the now patched flaw that made their hack possible.
Even more reassuring, is the fact that the duo has been responsible for the car hacks you’ve probably heard about in the past. And they conducted these experiments for good reason. As mentioned before, they’re researchers in the area of cybersecurity – their experiments have made it clear, that car manufacturers need to revamp the security devices of their cars. So if you think there’s a legion of bored teenagers ready to choose your car for a Need for Speed-like race session, don’t worry. The concerns have already gone global, and you can expect manufacturers to take swift action.
In fact, this is already taking place. Thanks to Miller and Valasek’s experiment, automakers recalled the affected vehicles, and have released software updates to fix the vulnerabilities that led to the breeches in the first place. You can expect these security measures to increase over time as well.
Keep Calm and Drive On
Car hacking is real, and it is something that we’ll all have to watch out for. However, it would also be unrealistic to sit there and worry excessively about your car getting attacked. Take a look at your other devices. Most of you who own a phone, tablet or game console have never experienced any cyberattacks. And you can continue to live freely without facing hackers, provided you have a strong password (which you don’t give out), and avoid behaviours that could expose you to cyber criminals.
Of course there are those of you who have been unfortunate – perhaps having your Instagram or Facebook account hacked. It usually requires help of the support team from the website owners (and even the authorities) to help prevent the full extent of damage caused by leaked or lost information. In the process, many of these hacks have been reduced because of software updates that increase security.
In terms of cars, there are security measures put in place, such as the ones listed in previous sections of this article. Manufacturers are developing software that will make cars less vulnerable to these hacks, much like the updates for your iPhone. In due time, hackers may only be able to attack your car if they’re in the car with you. And by then, cars will probably have eject buttons. 😉