Are modern cars vulnerable to hackers?

A new Maserati would be nice, right? But is it vulnerable to a high-tech attack?
Kaveh Kazemi/Getty Images

Just about anybody who knows what a computer is also knows that computers can make tempting targets. Perhaps you've even been the victim at some time or another of a computing hack against your desktop or laptop PC -- once you realize it, it's not a good feeling. Private, personal information, bank and credit accounts, and your very identity are all at risk.

But it could be a lot worse -- what if someone found a way to electronically hack your car? Hypothetically, they could jam the accelerator as you were rounding a bend overlooking a steep cliff. Or they could disable the brakes with a few simple commands sent wirelessly.

Advertisement

It sounds like a premise ripe for its own Hollywood franchise: "High-Tech Hit Man." But seriously, are modern cars really vulnerable to hackers?

First, the bad news: yes.

Despite their mechanical, non-electronic origins, modern cars have become self-contained digital networks, with perhaps dozens of computers communicating with each other. Millions of lines of computer code populate the software directing these computers.

Anyone smart enough and dedicated enough to learn how these systems work can manipulate them in ways that the original designers never intended -- in other words, hack them.

(For the record, we realize that not all "hackers" have malevolent intent on their agenda. But for the purpose of this article, anyone who willfully circumvents an automobile computer system has "hacked" it, regardless of motivation, hence the blanket use of the hacker label in this piece.)

If there were any doubts, researchers from the University of California, San Diego, and the University of Washington put them to rest with their alarming exploits of a popular, unnamed late-model car. In their 2011 paper detailing the hacks, they explained how the Controller Area Network, an internal information highway on modern cars, presents a large target area to potential hackers. By sneaking in malicious commands through the car's satellite radio, internal Wi-Fi or even on an infected CD, the researchers were able to compromise the car's entire network of computers [source: Savage, Stefan, et al].

For the time being, computerized car hacks have been confined almost exclusively to the realm of research. But that doesn't mean they won't someday pose a more common threat. If a baddie can gain access to a modern car's on-board diagnostics port (a connection that's also called the OBD II and is mandatory in the United States), he or she can run any number of exploits, including theft of the car outright.

Modern defense systems including car alarms, laser-cut keys and so-called "smart keys" are no guarantee of invincibility, either.

At least one popular online video shows a BMW being ripped off and driven away by a gang of teched-out thugs in about three minutes. They do resort to breaking a window to get into the vehicle -- pretty oafish by hacker standards -- but they then use an electronic device to override the car's electronic defenses and drive off into the night [source: Protalinski].

A somewhat more refined car hack, if you will, made headlines in 2010 when a then-20-year-old ex-employee of an Austin, Texas, auto dealership decided to exact revenge on his former employer. The disgruntled man monkeyed with the dealership's vehicle tracking system to remotely hack the vehicles of nearly 100 people. Those vehicles had a dealer-installed receiver that allowed the dealer to send wireless "reminders" of delinquent payments. They weren't subtle -- when transmitted, the signals could activate car horns and disable ignitions. The angry technical wizard's rampage caused car horns to blare and engine ignitions to immobilize, all to the puzzlement of the paid-up vehicles' owners [source: Poulsen].

Those cars had devices pre-installed that let a dealer (or rogue ex-employee) impair them if a buyer failed to make timely payments. Perhaps a bigger worry, though, is the possibility of a car's being controlled without a hacker ever having to touch it.

Advertisement

Modern Cars vs. Hackers: Remote Hacking

Are ghosts in our motoring machines an inevitability? Should we go back to the horse and buggy days?

Not necessarily. There is some good news, for the time being, anyway: Cars are singularly unattractive to most hackers because they're, well, so singular. The things that thrill hackers, namely notoriety, respect from peers, and everyone's favorite, cash, simply don't scale on individual cars like they do with "regular" computing exploits -- which can affect many thousands of people with each successful hacking attempt.

Advertisement

Also, the older your car is (and therefore the less electronically integrated), the fewer openings a would-be car hacker has from which to stage an attack.

On the other hand, if a malevolent hacker and his buddies:

  • Have an axe to grind with you in particular
  • Are hired by a business rival, a vengeful ex-lover or a political foe of yours
  • Randomly pick you as a "project demonstration" for a new type of hack

... and you own a later model car, then they might consider it worthwhile to mess with your car.

Another thing to consider: desirable vehicles are also desirable to criminals, especially intelligent criminals who know their tech. High-end car thieves target expensive automobiles for two reasons: They fetch a good price and many would-be buyers don't ask questions about where they came from. But as security mechanisms on pricey (and now even mid-range) cars have gotten more sophisticated, so have the criminals.

The Holy Grail of car hacks is to snatch control of a car without ever having to physically touch it. On most current cars, which aren't connected to any outside networks such as the Internet, this isn't very practical. However, as more vehicles use wireless technology to connect with one another and with outside services like telematics, the vulnerabilities grow.

The University of California, San Diego, and University of Washington researchers noted that it's possible to hijack currently available vehicles remotely. In their report they wrote:

"We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft" [source: Savage, Stefan, et al].

In other words, hackers can get their grubby little mitts on certain vehicles, virtually, in multiple ways. In turn, they can take over many of the driving controls, track targeted cars, eavesdrop on conversations and steal cars outright.

Will they actually want to go through all the trouble, when there are much more efficient ways out there to steal and harass? That remains to be seen.

Advertisement

Lots More Information

Author's Note: Are modern cars vulnerable to hackers?

If you haven't experienced it yet, know that being a victim of high-tech crime is no picnic. I got an inconvenient reminder of this fact when a fraudster hacked my debit card -- the very week I wrote this article!

Thieves and thugs will always find ways to take things they did not work for, whether those ill-gotten gains happen to be digital dollars or electronically "protected" cars. The most astonishing thing for me in writing this piece was learning just how vulnerable modern automobiles are to high-tech attack. As much as I love car gadgetry, I'd have to think twice about using my car as an integrated, cloud-connected "hub" for my digital life -- an objective many car companies and suppliers seem to be pushing toward. Researchers have already demonstrated the potential, if not yet the real-world threat, of vehicular mischief through on-board computers. I guess it's worrying news for drivers, but a great development for PC antivirus companies looking to expand!

That said, I think the same advice applies as always: Enjoy the convenience that technology provides, but go in aware of the risks and how you can reduce your vulnerability.

Related Articles

  • Barry, Keith. "Can Your Car Be Hacked?" Car and Driver. July 2011 (August issue). (Nov. 19, 2012) http://www.caranddriver.com/features/can-your-car-be-hacked-feature
  • Boatman, Kim. "Can Your Car Be Hacked?" Norton (Symantec). (Nov. 20, 2012) http://us.norton.com/yoursecurityresource/detail.jsp?aid=car_computer
  • Burgess, Rick. "Car viruses? Intel aims to protect drivers from hackers." Techspot. Aug. 21, 2012. (Nov. 19, 2012) http://www.techspot.com/news/49858-car-viruses-intel-aims-to-protect-drivers-from-hackers.html
  • Finkle, Jim. "Hacker attack on your car's computer could be lethal: experts." Reuters, via The Globe and Mail. Aug. 20, 2012. (Nov. 19, 2012) http://www.theglobeandmail.com/technology/tech-news/hacker-attack-on-your-cars-computer-could-be-lethal-experts/article4489553/
  • Howard, Bill. "Hack the diagnostics connector, steal yourself a BMW in 3 minutes." Extremetech. July 10, 2012. (Nov. 19, 2012) http://www.extremetech.com/extreme/132526-hack-the-diagnostics-connector-steal-yourself-a-bmw-in-3-minutes
  • Lawton, George. "Could Hackers Take Your Car for a Ride?" Computing Now. December 2011. (Nov. 17, 2012) http://www.computer.org/portal/web/computingnow/news/could-hackers-take-your-car-for-a-ride
  • Lim, Dawn. "Hacking Cars to Keep Them Safe." MIT Technology Review. Jan. 30, 2012. (Nov. 20, 2012) http://www.technologyreview.com/news/426733/hacking-cars-to-keep-them-safe/
  • Neild, Barry. "Could hackers seize control of your car?" CNN. March 2, 2012. (Nov. 19, 2012) http://www.cnn.com/2012/03/02/tech/mobile/mobile-car-hacking/index.html
  • Poulsen, Kevin. "Hacker Disables More Than 100 Cars Remotely." Wired. March 17, 2010. (Nov. 19, 2012) http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/
  • Protalinski, Emil. "Hackers steal keyless BMW in under 3 minutes (video)." ZDNet. July 9, 2012. (Nov. 19, 2012) http://www.zdnet.com/hackers-steal-keyless-bmw-in-under-3-minutes-video-7000000507/
  • Read, Richard. "Hackers Are Targeting Cars, Says Antivirus Software Company." The Car Connection. Sept. 8, 2011. (Nov. 19, 2012) http://www.thecarconnection.com/news/1065911_hackers-are-targeting-cars-says-antivirus-software-company
  • Ridden, Paul. "Automobile computer systems successfully hacked." Gizmag. May 20, 2010. (Nov. 19, 2012) http://www.gizmag.com/vehicle-computer-systems-hacks/15156/
  • Savage, Stefan, et al. "Comprehensive Experimental Analyses of Automotive Attack Surfaces." University of California, San Diego and University of Washington research report. 2011. (Nov. 26, 2012) http://www.autosec.org/pubs/cars-usenixsec2011.pdf
  • Savov, Vlad. "Research shocker! Keyless car entry systems can be hacked easily, elegantly." Engadget. Jan. 16, 2011. (Nov. 17, 2012) http://www.engadget.com/2011/01/16/research-shocker-keyless-car-entry-systems-can-be-hacked-easily/
  • Taylor, Peter Shawn. "Hackers have scopes set on your automobile." The Gazette. Feb. 8, 2012. (Nov. 18, 2012) http://www.montrealgazette.com/cars/Hackers+have+scopes+your+automobile/6120551/story.html
Citation

Advertisement

Loading...