F5.5G Leap-forward Development of Broadband in Africa The Africa Broadband Forum 2024 (BBAF 2024) was successfully held in Cape Town, South Africa recently, under…
Hack my ride: why getting your door open matters more than cutting your brakes
Over the past few weeks there have been a number of stories around hackers finding major security vulnerabilities in cars made by major vehicle manufacturers. Some, like Tesla, have worked with the hackers involved to fix those vulnerabilities while others have been less open to collaboration.
So far the hackers behind these exploits have been good enough to share them with the manufacturers concerned, but it’s only a matter of time before that changes and a new kind of security war kicks off.
It was bound to happen too. Our cars, more than ever, are gadgets and they come with many of the same risks as those gadgets. Except that with cars, the stakes are potentially deadly.
The risks of infotainment
The biggest recent leaps in car hacking have come alongside the expanded capabilities of car infotainment systems.
When hackers Charlie Miller and Chris Valasek remotely took over a Jeep while Wired writer Andy Greenberg was driving it, they were able to do so because of an exploit in Fiat Chrysler’s Uconnect system, which connects the car to the internet.
The system, which is present in hundreds of thousands of Fiat Chrysler vehicles affects everything from the vehicle’s entertainment and navigation, to its ability to make phone calls, and also offers a Wi-Fi hot spot.
And when Marc Rogers, Principle Security Researcher for CloudFlare, and Kevin Mahaffey, CTO of Lookout Inc finally hacked into the Tesla Model S after two years of attempts, they did so through the car’s infotainment system.
Miller and Valasek were able to do obvious things like mess with the Jeep’s air-conditioning and stereo, but they were also able to cut power to the Jeep’s accelerator and brakes, rendering Greenberg a helpless passenger.
Rogers and Mahffey meanwhile were able to pop open the boot, flash the lights, unlock the car, and even turning off the Model S while it was running.
It makes sense too. Cars are now a part of a wider internet of things and with carmakers cramming as many functions as possible into the infotainment system — the nexus of that connectivity — it makes for a natural target.
That’s worrying. As Nitesh Dhanjani warned after he managed to wirelessly unlock a Model S in 2014″ “We cannot be protecting our cars in the way we protected our (computer) workstations, and failed.”
When Rogers and Mahaffey notified Tesla of the vulnerability, the company worked with them to fix it and uploaded the patch to nearly all its cars (something it has a history of doing)
And when Miller and Valasek told Fiat Chrysler about the UConnect vulnerability, it didn’t acknowledge them directly, but did issue a patch and recalled some 1.4-million vehicles.
Of the two, it seems likely that Tesla’s approach is the one most likely to succeed in the future and therefore more likely to be adopted by other car makers.
If nothing else, that should be comforting to everyday drivers.
A long, hard slog
They can also take comfort from the fact that it took both sets of hackers (and remember, we’re talking about veterans of the security industry here) months to get into the respective infotainment systems.
They had to dig hard to find the vulnerabilities and, moreover, they had to know the IP address for a specific car to do be able to take over the functions they did.
And as Road & Track’s Robert Sorakanich points out, those specific circumstances mean it’s pretty unlikely that someone will be cutting your brakes any time soon:
Is there a hacker out there who knows your Chrysler vehicle’s IP address, possesses masters-level computing skills, and has months to devote to reverse-engineering a way to take over your car? If you’re not some kind of international spy, the answer is probably “no.”
That doesn’t mean there isn’t any risk of your car getting hacked though.
Cheap, nasty, effective
In fact, there’s evidence to suggest that car hacking may be more common than most of us think. Even more worryingly, it seems that car makers have been trying to suppress that evidence.
A couple of years ago, three researchers — Birmingham University’s Flavio Garcia and Roel Verdult and Baris Ege, from Radbound University in Nijmegen — found that immobilisers fitted to more than 100 car makes had weak security that could be defeated fairly easily.
Before they could publish their research though, a judge paced a ban on it, arguing that it would show criminals how to steal cars.
The car industry is believed to have widely supported the ban, with a Volkswagen spokesperson saying:
“Volkswagen has an interest in protecting the security of its products and its customers. We would not make available information that might enable unauthorised individuals to gain access to our cars. In all aspects of vehicle security, we go to great lengths to ensure the security and integrity of our products against external malicious attack.”
Thing is, as many as four in 10 Londoncar thefts are already believed to feature some form of hacking. The researchers believe that the car makers wanted to suppress the information in order to avoid the cost of replacing the vulnerable key fobs and coming up with a safer, but more expensive, system.
The problem still exists too. Digital security researcher Samy Kamkar recently showed off a US$30 device that allows him to intercept and copy the signal from pretty much any key fob and lock and unlock a car at will.
The dangers of outside tech
It’s not just tech built by vehicle manufacturers that’s vulnerable to hacking either.
Kamkar’s most recent demo came shortly after he showed off a homemade device that can intercept signals from the OnStar smartphone app to track, unlock, and remote-start a car connected to the app.
Researchers, from the University California, San Diego meanwhile recently demonstrated that an OBD2 dongle — which plugs into a car’s dashboard and monitors its location, speed, and fuel efficiency — can be turned against a car and used to run the windscreen wipers and apply the brakes.
This is the kind of dongle by the way which many insurance companies provide their customers with in exchange for the possibility of lower premiums.
The really scary thing is that they were able to do so via SMS commands.
Money talks
For now, these kinds of cheap, dirty hack are far more lucrative to criminals because, by and large, they allow them to get with your car or the valuables inside it.
As long as that’s the case, it’s where the car manufacturers should be expending their energy too. But as long as there are smart hackers willing to try and break into their systems and tell them about it, they should be listening with ears wide open. Because it won’t be always be that way.