Is Your Car Vulnerable to Hackers?

Category: Auto

A speeding car slams to a halt. The same car refuses to stop when the driver hits the brakes. Then it turns left abruptly, all by itself. Just for fun, the horn honks and the windshield washers spray. What's going on…?

Can Your Car Be Hacked?

Is this a Stephen King novel? No, it’s a February 2015 edition of the “60 Minutes" show. Mildly terrified reporter Lesley Stahl was at the wheel of an unidentified car whose controls were hacked wirelessly by DARPA – the Defense Advanced Research Projects Agency – in a demonstration of just how insecure modern “smart cars” are.

Automobiles are increasingly computerized and connected to external networks, including the Internet. Dozens of microprocessors control everything from acceleration to braking to tire pressure, locks and the horn. True, smart cars have some features that enhance driver safety. But it turns out they’re not even as well protected against hackers as Windows XP.

The Center for Automotive Embedded Systems Security (CAESS), a collaboration between the University of California San Diego and the University of Washington has also found that vehicles are vulnerable to hacking. Researchers there were able to open door locks, disable the brakes, turn off the engine of a moving car, and control other automotive functions.
Car Hacking

"Today, all the devices that are on the Internet - the 'Internet of Things' - are fundamentally insecure. There is no real security going on," said Dan Kaufman, head of DARPA’s Information Innovation Office, whose team is working on “unhackable software” for small devices including systems found in cars.

Naturally, the automakers are not forthcoming about their cars’ shortcomings. The “60 Minutes” piece on CBS mentioned a fact-finding effort spearheaded by U. S. Senator Edward Markey (D-MA). It seems he sent a list of questions about data security and customer privacy to 20 global automakers in December, 2013. For some reason, his office did not publish its report of the answers until the day after the “60 Minutes” expose’ aired, fourteen months later.

Transparency is Lacking

The automakers’ responses are far from candid or even complete; Aston Martin, Lamborghini, and Tesla did not respond at all, and other manufacturers blithely ignored questions they didn’t feel like answering. It's too bad Markey’s report very carefully obscures the results so that we can’t tell which answers were given by which companies. But the general findings are alarming:

  • “Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.”
  • “Most automobile manufacturers were unaware of or unable to report on past hacking incidents.”
  • “Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers.”
  • “Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on technologies that cannot be used for this purpose at all.”

So your late-model car is probably wide open to hackers. But the bad news doesn’t stop there; Markey also asked about data privacy protections and here’s what he found:

  • “Automobile manufacturers collect large amounts of data on driving history and vehicle performance.”
  • “A majority of automakers offer technologies that collect and wirelessly transmit driving history information to data centers, including third-party data centers, and most did not describe effective means to secure the information.”
  • “Manufacturers use personal vehicle data in various ways, often vaguely to ‘improve the customer experience’ and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.”
  • “Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

Should You Wrap Your Car in Tinfoil?

There's not much that drivers can do now, aside from being educated and demanding more transparency from auto makers. If you're driving a car that's been on the road for ten or more years, you can laugh at your friends with their shiny new hackable cars. The good news is that currently, there's no widespread threat of car hacking, even though the potential is widely known. That's probably because there's not much financial incentive, so hackers focus where the money is. The only story I've seen that didn't involve government or university security researchers was that of a disgruntled car dealership employee in Texas, who used a web-based system to disable the engines of more than 100 cars, and blast the horns.

That kind of stuff is annoying but not dangerous. But if terrorists decided to use wireless automotive technology to wreak havoc, the situation would be different. Hoping to fend off government regulation, the automakers announced in December 2014, their own voluntary data privacy principles. Markey plans to “call for clear rules – not voluntary commitments – to ensure the privacy and safety of American drivers is protected.”

Power User Search Tips and Tricks
Power User Search Tips and Tricks

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

 
  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 10 Mar 2015


For Fun: Buy Bob a Snickers.

Prev Article:
ALERT: Time to FREAK Out?

The Top Twenty
Next Article:
Geekly Update - 11 March 2015

Most recent comments on "Is Your Car Vulnerable to Hackers?"

Posted by:

Walter
10 Mar 2015

My previous research indicates that you just find the unit and unscrew the antenna and bam, the entire system is safely disabled.

EDITOR'S NOTE: You might eliminate one attack vector that way, but you'd probably also disable your radio, and possibly other systems. Other ways into a vehicle's systems include, but not limited to: mechanic tools, CD players, GPS, Bluetooth and cellular radios, and wireless communications.


Posted by:

Mac 'n' Cheese
10 Mar 2015

The information you present here is, indeed, troubling, Bob. As someone looking to buy a new car in the next year--someone who WANTS all the techno-bells and whistles--I'm concerned.

But I also believe that simply piling on new rules and regulations may not be the best way to proceed. Democratic Senator Markey, whose report you highlight, seems to think we need a plethora of new rules that will affect conceivable part of society.

The correspondents in the CBS interview (follow your link to http://www.markey.senate.gov/news/press-releases/markey-report-reveals-automobile-security-and-privacy-vulnerabilities, then scroll down to the seven-minute interview with Markey) raised some compelling counterpoints, I thought. In essence, they would allow automakers to voluntarily beef up security as a result of public scrutiny. (And you are doing a GREAT job of making at least part of the general public aware of the problem.) Then let the automakers brag about the enhanced security of their computer systems, just as they brag now about their fuel economy or their crash-worthiness.

Mac


Posted by:

wilson
10 Mar 2015

We can be sure the terrorist are advancing their technical knowledge and it has been seen already by their ability to hack into various websites. The more dependent we become on all this new tech that serves no purpose other than to make a few people rich,the more dangers we expose ourselves to. Not that technology is bad but our own stupidity in not knowing what to latch onto and what not, will cost us the most.
Personally I will pass on the new Apple watch and pay my bills the old fashion way. Keeping my credit card info in my safe keeping not Google's or any other third parties wallet.

Again a great article.


Posted by:

MmeMoxie
10 Mar 2015

Thank the stars, that my 1998 Lincoln Towncar, is too old and not considered a Smart Car. I know that my car is old, but, it is in excellent shape and only has 113700 miles on it. NO, the speedometer was NOT messed with, either. I just happened to get a great car, with extreme low mileage.

However, I do know, that using my key bob can be duplicated, by a dishonest person. When you press the button, to open your car, the "code" can be read, with the right equipment. Yes, even knowing this, I will use my key bob, to open my trunk and doors.

I am sure, that my car will not be on the sights of any hackers. First of all, it's too old and the newer cars, with ALL the bells and whistles, are highly wanted. Especially, the cars with Internet capabilities.

I just wonder, when will hackers due damage to all of the Smart Homes, in the USA???


Posted by:

David from Florid
10 Mar 2015

If the hacker can turn off the engine - then I can assume he can also open doors. Anything from vandalism to kidnapping. What's next? So what is the need to have an internet connection anyway? If its based on being able to stop a criminal in his tracks s to speak the cost versus benefits don't add up if there is a kidnapping etc. The Idea of theft prevention should be physical if this can be hacked. I think of all the RF (radio frequency) saturation where millions of people have phones and Wi Fi now we have millions of cars doing the same? Shame on us.


Posted by:

Bill Parsons
10 Mar 2015

Do yo think this may be one place that Dem and Rep can stop arguing and actuall do something about it.


Posted by:

Mac 'n' Cheese
10 Mar 2015

May I be permitted a follow-up to my earlier comments? I just read Senator Markey's letter to an automaker. The questions he asked--and to which he requested a reply in just a few business days--were extremely wide-ranging, and covered multiple years of experience. I would guess it might take a team of several statisticians working full-time for several weeks to compile meaningful and comprehensive answers.

Why should an automaker be expected to commit those kinds of resources to what they probably saw as an off-the-wall inquiry from some Senator?

Then there's the issue of confidentiality. The senator promised he wouldn't divulge which automakers provided what answers. I can certainly see why the automakers wouldn't want that. Honest answers to the questions Senator Markey raised would be invaluable in the hands of competitors AND in the hands of hackers. If I were an automaker executive and read the words, "Please note that it is not my intent to publicly disclose company-specific security-related information ..." I would laugh out loud and say, "Yeah, right!"

It would be like writing to Coca-Cola and saying, "Please tell me your secret formula. I promise I won't tell a-n-y-b-o-d-y!"

In my opinion, the senator was lucky the automakers gave him the time of day. That must be frustrating to anyone who wants to make more rules to regulate more industries.

Mac


Posted by:

Carole
10 Mar 2015

I watched that show on 60 Minutes when they aired it on TV. It didn't specify which cars are mostly likely to be at risk. A while back, I heard that Jeeps had a security problem, but no other vehicle on the road. Is there a list online which cars are the most at risk?


Posted by:

RichF
10 Mar 2015

Seeing there's not much money to be made in hacking a car, one has to worry about kids messing around just for 'kicks'.


Posted by:

Al
10 Mar 2015

Lets face it. Between cell phones, Facebook, email etc
distracting the drivers and all of the manufacture's
systems going wonky, as an attorney I see the mother of all ultra-deep pockets liability suits right around the corner! I can't freakin' wait!


Posted by:

Mac 'n' Cheese
10 Mar 2015

RichF wrote, "Seeing there's not much money to be made in hacking a car, one has to worry about kids messing around just for 'kicks'."

Should we also be worried that terrorist hackers might be able to stall many of the cars on a given freeway at a given time? Or worse, might put the pedal to the metal on many, many cars at once?

Or is that just being paranoid?

Should we jack up our cars when we park them in the garage, to get the drive wheels off the ground? I'd hate for some guy to remotely start my car, put it in gear, and goose it. That would mess up our guest bedroom.

Mac

P.S. MmeMoxie, I hope to goodness that's not your Lincoln Towncar in front of my new Honda, when some wack-o jams my gas pedal to the floorboard. I'd hate to hit your "tank" (no offense, please) with my little tin can, if I'm doing 90 mph while you're doing 40. Shucks, it might even dent your bumper.


Posted by:

Colin
10 Mar 2015

I'm waiting for this to be incorporated into the Bourne movie


Posted by:

Maurice Lampl
11 Mar 2015

So why doesn't the law enforcement have this technology and be able to stop a getaway car without risking other lives in high-speed car pursuits???


Posted by:

rocketride
11 Mar 2015

@RichF

Or terrorists.


Posted by:

MmeMoxie
13 Mar 2015

@ Mac'n' Cheese --- I pray that I am not in front of you, either! LOL

First of all, my Towncar can easily go 120 miles an hour, but, then I would be speeding, right? In all honesty, I know what you really do mean.

Prior to this Towncar, I had a 2001 Lincoln Towncar that was totaled in a car accident. A 19 year old, drunk driver, ran a red light and pulled out in front of me, going 55. I was also, going 55 and applied my brakes, swerved my car, as much as I could and I wound up "T-Boning" his Ford 150 truck!!!

Bottom line, I was alert throughout the whole accident and afterwards. I only broke my right wrist and hurt my right shoulder and neck. Oh, my big right toe, dislocated during the accident!

I was very, very lucky. Towncars are made to drop the engine down and forward, when they hit head on. This is why, I have another Towncar and I must say, I LOVE it. Plus, I am an old lady and want to look the part. LOL!!!


Posted by:

Jason
14 Mar 2015

The question that nobody seems to be asking is: Why should all (or any) of our "Things" be connected to the internet at all? Have we, perhaps, spent too many years dreaming of all the exciting possibilities suggested by science fiction? Regardless of how much good MAY come of these advances, we have a responsibility, an obligation, to consider to possible damage as well. Just because we can do something doesn't mean we should.

@MmeMoxie - My mom, whose 68, has a Towncar (2000) and we love it. One of the most reliable cars we've ever had!


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML


Article information: AskBobRankin -- Is Your Car Vulnerable to Hackers? (Posted: 10 Mar 2015)
Source: https://askbobrankin.com/is_your_car_vulnerable_to_hackers.html
Copyright © 2005 - Bob Rankin - All Rights Reserved