Forget car jacking, car hacking is now in full force. Criminals and delinquents can now purchase cheap gadgets online to get into your car! It is clear that the days of smashed windows, and copied keys are gone. It is the dawn of a new technological age! Are we fully prepared for these tech savvy thieves?
Complicated computer devices
The most complicated computer device you own will now be parked on your driveway. The ECU unit in your car is the most complicated device within the car as it is made up of up to 200 small embedded computers. The units are so sophisticated that they can tell you when you are wandering from your lane and can alert you about an oncoming crash faster than you can see it. These units are not made by car manufacturers but come from other companies who won't reveal information about how they work. Sometimes the computer components in a car are made by several different companies. This lack of transparency really disturbs organisations such as I Am The Cavalry (IATC) who aim to communicate information from professional security testers to people.
Charlie Miller and Chris Valasek of security firm IOActive have lead the way in hacking into the computer systems in cars for research purposes. They took the cars apart to see if they could get to the Controller Area Network (CAN) which would enable them to control the vehicle. Their aim was to hack into a range of different makes and models of cars to see how easy it was to do. At a recent hacker conference in America they produced their findings which were quite worrying, they found issues nearly everywhere they looked even including the anti-theft systems!
The Hackability Table and the test results displayed by - Miller & Vasalek
The Hackability Test with results
Miller and Valasek didn't do any hands on hacking instead they wanted to assess how easy it was to remotely access the vehicles. So they signed up for mechanics’ accounts on the websites of all the car makers and downloaded the cars’ technical manuals and wiring diagrams. The documents enabled them to analyse the computer networks used in the cars.
They used three factors to base their 'hackability' ratings on:
- The size of their wireless “attack surface”—features like Bluetooth, Wi-Fi, cellular network connections, and keyless entry systems. These radio connections could be easily accessed by a hacker to gain control of the car.
- The vehicles’ network architecture - how much access there was to the more critical systems such as steering and brakes.
- The cars’ “cyberphysical” features - functions like automated braking, parking and lane assist that could transform a few rogue digital commands into an actual out-of-control car.
Miller and Valasek found that it was easy to access the steering and cruise control of the Infinity Q50. They also found that automated features in the Jeep 2014 Cherokee could be triggered at high speeds.
Miller and Valasek’s findings represented in a single chart. A plus sign represents “more hackable,” a minus sign “less hackable.”
Credit: Charlie Miller and Chris Valasek
A possible solution to hacking?
anti hacking car device developed by Charlie Miller and Chris Valasek
As wi-fi is being introduced into cars and smartphones are being connected to cars - in some cases into dashboards it makes it much easier for hackers as web browsers are often their target. Valasek says: “Our main takeaway is that companies should consider security before adding pieces onto an automobile, especially when those pieces have remote connectivity or cyberphysical attributes.”
Both he and Miller have strongly recommended that car and auto computer device manufacturers should take action to prevent hacking. At a recent Black Hat Security conference in LA they put their money where their mouth is and produced their own solution. They created a prototype of an intrusion detection device for cars that can plug directly into a car's network to monitor and block suspicious commands. The device costs $150 and manufacturers could embed it into their cars. When the device detects something it shortcuts the CAN bus and disables all CAN messages. to protect the driver and car. Hopefully this research and the device they have created will really make car manufacturers consider cyber security in cars much more.
Over here in the UK Theresa May has reported that car thefts are now becoming increasingly sophisticated. Some people are accessing individuals' FOBs to obtain the security coding when they are used to gain access to the car. The Met Police have reported that one third of cars stolen within the capital don't use keys! Experts fear that criminals could use malware to access satellites, which will allow them to hack cars and issue commands such as disabling alarms, and starting up the cars!
For more information on the hackability report please visit: http://www.wired.com/2014/08/car-hacking-chart/