Is Your Car Vulnerable to Hackers?
A speeding car slams to a halt. The same car refuses to stop when the driver hits the brakes. Then it turns left abruptly, all by itself. Just for fun, the horn honks and the windshield washers spray. What's going on…?
Can Your Car Be Hacked?
Is this a Stephen King novel? No, it’s a February 2015 edition of the “60 Minutes" show. Mildly terrified reporter Lesley Stahl was at the wheel of an unidentified car whose controls were hacked wirelessly by DARPA – the Defense Advanced Research Projects Agency – in a demonstration of just how insecure modern “smart cars” are.
Automobiles are increasingly computerized and connected to external networks, including the Internet. Dozens of microprocessors control everything from acceleration to braking to tire pressure, locks and the horn. True, smart cars have some features that enhance driver safety. But it turns out they’re not even as well protected against hackers as Windows XP.
The Center for Automotive Embedded Systems Security (CAESS), a collaboration between the University of California San Diego and the University of Washington has also found that vehicles are vulnerable to hacking. Researchers there were able to open door locks, disable the brakes, turn off the engine of a moving car, and control other automotive functions.
"Today, all the devices that are on the Internet - the 'Internet of Things' - are fundamentally insecure. There is no real security going on," said Dan Kaufman, head of DARPA’s Information Innovation Office, whose team is working on “unhackable software” for small devices including systems found in cars.
Naturally, the automakers are not forthcoming about their cars’ shortcomings. The “60 Minutes” piece on CBS mentioned a fact-finding effort spearheaded by U. S. Senator Edward Markey (D-MA). It seems he sent a list of questions about data security and customer privacy to 20 global automakers in December, 2013. For some reason, his office did not publish its report of the answers until the day after the “60 Minutes” expose’ aired, fourteen months later.
Transparency is Lacking
The automakers’ responses are far from candid or even complete; Aston Martin, Lamborghini, and Tesla did not respond at all, and other manufacturers blithely ignored questions they didn’t feel like answering. It's too bad Markey’s report very carefully obscures the results so that we can’t tell which answers were given by which companies. But the general findings are alarming:
- “Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.”
- “Most automobile manufacturers were unaware of or unable to report on past hacking incidents.”
- “Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers.”
- “Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on technologies that cannot be used for this purpose at all.”
So your late-model car is probably wide open to hackers. But the bad news doesn’t stop there; Markey also asked about data privacy protections and here’s what he found:
- “Automobile manufacturers collect large amounts of data on driving history and vehicle performance.”
- “A majority of automakers offer technologies that collect and wirelessly transmit driving history information to data centers, including third-party data centers, and most did not describe effective means to secure the information.”
- “Manufacturers use personal vehicle data in various ways, often vaguely to ‘improve the customer experience’ and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.”
- “Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”
Should You Wrap Your Car in Tinfoil?
There's not much that drivers can do now, aside from being educated and demanding more transparency from auto makers. If you're driving a car that's been on the road for ten or more years, you can laugh at your friends with their shiny new hackable cars. The good news is that currently, there's no widespread threat of car hacking, even though the potential is widely known. That's probably because there's not much financial incentive, so hackers focus where the money is. The only story I've seen that didn't involve government or university security researchers was that of a disgruntled car dealership employee in Texas, who used a web-based system to disable the engines of more than 100 cars, and blast the horns.
That kind of stuff is annoying but not dangerous. But if terrorists decided to use wireless automotive technology to wreak havoc, the situation would be different. Hoping to fend off government regulation, the automakers announced in December 2014, their own voluntary data privacy principles. Markey plans to “call for clear rules – not voluntary commitments – to ensure the privacy and safety of American drivers is protected.”
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 10 Mar 2015
|For Fun: Buy Bob a Snickers.|
ALERT: Time to FREAK Out?
The Top Twenty
Geekly Update - 11 March 2015
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Is Your Car Vulnerable to Hackers? (Posted: 10 Mar 2015)
Copyright © 2005 - Bob Rankin - All Rights Reserved