Are modern cars vulnerable to hackers?

A new Maserati would be nice, right? But is it vulnerable to a high-tech attack?
A new Maserati would be nice, right? But is it vulnerable to a high-tech attack?
Kaveh Kazemi/Getty Images

Just about anybody who knows what a computer is also knows that computers can make tempting targets. Perhaps you've even been the victim at some time or another of a computing hack against your desktop or laptop PC -- once you realize it, it's not a good feeling. Private, personal information, bank and credit accounts, and your very identity are all at risk.

But it could be a lot worse -- what if someone found a way to electronically hack your car? Hypothetically, they could jam the accelerator as you were rounding a bend overlooking a steep cliff. Or they could disable the brakes with a few simple commands sent wirelessly.

It sounds like a premise ripe for its own Hollywood franchise: "High-Tech Hit Man." But seriously, are modern cars really vulnerable to hackers?

First, the bad news: yes.

Despite their mechanical, non-electronic origins, modern cars have become self-contained digital networks, with perhaps dozens of computers communicating with each other. Millions of lines of computer code populate the software directing these computers.

Anyone smart enough and dedicated enough to learn how these systems work can manipulate them in ways that the original designers never intended -- in other words, hack them.

(For the record, we realize that not all "hackers" have malevolent intent on their agenda. But for the purpose of this article, anyone who willfully circumvents an automobile computer system has "hacked" it, regardless of motivation, hence the blanket use of the hacker label in this piece.)

If there were any doubts, researchers from the University of California, San Diego, and the University of Washington put them to rest with their alarming exploits of a popular, unnamed late-model car. In their 2011 paper detailing the hacks, they explained how the Controller Area Network, an internal information highway on modern cars, presents a large target area to potential hackers. By sneaking in malicious commands through the car's satellite radio, internal Wi-Fi or even on an infected CD, the researchers were able to compromise the car's entire network of computers [source: Savage, Stefan, et al].

For the time being, computerized car hacks have been confined almost exclusively to the realm of research. But that doesn't mean they won't someday pose a more common threat. If a baddie can gain access to a modern car's on-board diagnostics port (a connection that's also called the OBD II and is mandatory in the United States), he or she can run any number of exploits, including theft of the car outright.

Modern defense systems including car alarms, laser-cut keys and so-called "smart keys" are no guarantee of invincibility, either.

At least one popular online video shows a BMW being ripped off and driven away by a gang of teched-out thugs in about three minutes. They do resort to breaking a window to get into the vehicle -- pretty oafish by hacker standards -- but they then use an electronic device to override the car's electronic defenses and drive off into the night [source: Protalinski].

A somewhat more refined car hack, if you will, made headlines in 2010 when a then-20-year-old ex-employee of an Austin, Texas, auto dealership decided to exact revenge on his former employer. The disgruntled man monkeyed with the dealership's vehicle tracking system to remotely hack the vehicles of nearly 100 people. Those vehicles had a dealer-installed receiver that allowed the dealer to send wireless "reminders" of delinquent payments. They weren't subtle -- when transmitted, the signals could activate car horns and disable ignitions. The angry technical wizard's rampage caused car horns to blare and engine ignitions to immobilize, all to the puzzlement of the paid-up vehicles' owners [source: Poulsen].

Those cars had devices pre-installed that let a dealer (or rogue ex-employee) impair them if a buyer failed to make timely payments. Perhaps a bigger worry, though, is the possibility of a car's being controlled without a hacker ever having to touch it.