How Hackers Can Take Over Your Car While You're Driving
When you're driving down the highway, there's nothing scarier than losing control of your vehicle. Hackers may soon make that situation a lot more common. However, instead of this happening because of something in the road, you could lose control because of something in your car's onboard computer.
A Case of Car Hacking
Cybersecurity researchers Charlie Miller and Chris Valasek proved just how possible this scenario could be when they literally took over a vehicle while it was driving down a highway outside of St. Louis, Missouri. The researchers were demonstrating the existence of a severe vulnerability in the onboard computer of their Jeep Cherokee.
The flaw in the vehicle's computer allowed Miller and Valasek to wirelessly send commands to the steering, transmission, and braking systems as well as more minor things like the air conditioning unit and the radio. It also let them track the vehicle's speed, route, and location, which added a surveillance aspect to the hack.
In a July 2015 article by Wired writer Andy Greenberg, the two experts explained that the hack would work on any Chrysler, Dodge, Fiat, or Jeep vehicle with a built-in Uconnect computer system that was manufactured in late 2013, all of 2014, or early 2015. By their estimate, this equaled as many as 471,000 vulnerable vehicles.
The hack works by accessing these vehicles via their connection to the Sprint cellular network. With only his laptop and a cheap burner phone, Miller was able to home in on possible targets that were located in places across the US. The lack of any real range limitation highlights the massive scope of this hacking technique.
Miller and Valasek contacted Fiat Chrysler Automobiles months before they unveiled the flaw, and the company released a patch for the security hole in July 2015. However, the patch was not sent out wirelessly and can only be deployed at a dealership or through the use of a USB drive. To ensure that vehicles receive the patch, the multinational corporation issued a recall of approximately 1.4 million cars.
Breaking into Cars' Computers
This was not the first time that Miller and Valasek had broken into a vehicle's computer system. In 2013, they successfully hacked a Ford Escape and a Toyota Prius. At the time, critics were quick to claim that the cybersecurity experts were only able to accomplish this feat by creating a wired connection to the vehicles' onboard computers.
In response to that criticism, Miller and Valasek said that wireless attacks were already a reality, and pointed to research done in 2010 by a group of academics at the University of Washington and the University of California, San Diego. The researchers were able to wirelessly infiltrate the same systems that Miller and Valasek targeted in their 2013 efforts. In Valasek's words, the point of their endeavor wasn't to show that a hacker could get inside a car's system, but rather that they could "do a lot of crazy things once [they were] inside."
Nevertheless, the criticism sparked their desire to hack a car wirelessly. Before settling on the Jeep Cherokee as their target, the two experts investigated and rated the cybersecurity measures of 24 vehicles. While the Jeep was determined to be the weakest, other popular brands like the Cadillac Escalade and the Infiniti Q50 were also considered to be remarkably vulnerable to digital threats.
Efforts to Stop Car Hacking
At the moment, there are very few things that people can do to protect their cars from cyberattacks, aside from updating their Fiat Chrysler vehicles with the necessary patches. The lack of options on an individual level doesn't mean that the issue is going unaddressed, since there has been a notable governmental effort in this area. Legislators and national authorities around the world have begun researching ways in which they can mandate better cybersecurity practices in the automotive industry. Standards on the subject aim to govern how car manufacturers defend vehicles from cyberattacks and protect customers' personal information, such as the location records gathered by their GPS-equipped vehicles.
The world's automobile market is rapidly filling up with vehicles that feature more and more digital functionalities. There are even some cars that are entirely computer-controlled, as is the case with driverless vehicles currently being developed by companies like Google, Mercedes-Benz, and General Motors. The increasing use of onboard computers emphasises the need to improve cybersecurity parameters in vehicles. If this need isn't met, society could soon find itself facing a new generation of hackers capable of taking over cars from thousands of miles away.
About the Author
Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.
Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support, which are: Poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.
We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.