Can Your Car Be Hacked?
It sounds like something out of a Hollywood blockbuster: You’re driving along, minding your own business, and suddenly your car seems to develop a mind of its own. No matter what you do, you can’t stop the vehicle, until you crash.
Sound terrifying? According to some security experts, it’s a possibility — albeit a remote one — that hackers could develop the ability to hack into newer car computer systems and wreak havoc on the driving public. As more drivers demand connectivity in their cars, and carmakers oblige with Wi-Fi service, onboard apps, Bluetooth capabilities, and more, the security risks increase exponentially.
Chances are, though, that the likelihood of an attack that renders drivers unable to control their vehicles is slim at best. The real danger is in the fact that hackers may soon be able to access your car’s computer systems to steal information from you, which is just a dangerous.
The Primary Dangers in Vehicles
In most cases, the danger of a cyberattack on a vehicle comes down to three key factors:
- The size of the “attack surface.” In other words, how many different ways are there for hackers to access the vehicle? Connections such as Wi-Fi, Bluetooth, cellular network connections, keyless entry systems, and even electronic monitoring systems such as the tire pressure monitoring system can all create vulnerabilities that are potentially exploitable. So while your vehicle may have all the bells and whistles, those features also make a much larger attack surface.
- The level of access the radio connections provide to key vehicle systems, such as the brakes, steering, or ignition. A Bluetooth connection that allows for hands-free calling and wireless music is not as physically dangerous as a warning system that uses wireless tech to alert the driver to low tire pressure but can be hacked to interrupt steering control.
- How many features the car has that do not require driver intervention, such as lane assist or parking assistance. These computer-aided features may reduce the likelihood of a fender bender, but if they are attacked, the hackers could send other commands that cause greater damage.
All of this is not to say that if your car has these features, many of which are highly sought after, it’s going to be hacked. In fact, there are several important reasons why it’s unlikely. However, carmakers and cybersecurity experts alike are concerned, and taking steps to help keep drivers safe.
The Good News About Hacked Cars
You’ve heard the bad news, now for some good news: It’s very difficult to hack a car at this time. Most of the tests that have been conducted on the cybersecurity of onboard computer systems have required an extensive rewiring of the onboard systems or physically accessing the vehicle’s OBDII system or Controller Area Network (CAN) (which all vehicles built after 1996 have). In other words, this malware isn’t like what you can get on your computer, which can spread simply by opening an email or visiting an infected website. Attacks on vehicles require knowledge of that specific vehicles operating system and a means of accessing that system, which isn’t always easy.
That being said, what some researchers are more concerned about are attacks on carmakers’ internal systems themselves, which could potentially impact vehicle onboard computers. For example, in one notable case, a car dealership used a software program that allowed them to disable the ignitions of vehicles that were designated for repossession. An unhappy employee hacked into the software and deliberately disabled the ignition systems for more than 100 vehicles in retaliation to the employer. Thankfully no one was injured, but the incident highlighted the potential for dangerous attacks.
Because the potential for harm is so great, carmakers have begun addressing the need to better secure onboard computers to prevent hacking and other attacks. For starters, they are looking into ways to secure and encrypt the data within onboard computers, much the same way that data is protected in other tech. They are also looking into ways to better deliver security updates; Tesla, for instance was able to update the security of onboard computers via an over-the-air update, while Ford and Fiat Chrysler has issued USB sticks to car owners with software that may be vulnerable to compromise.
Still, with everything becoming more and more connected, it’s important to be aware of the potential dangers, and do everything possible to protect yourself against them. So while at the moment the risk of your car being attacked is small — almost nonexistent — that could change in the future and you need to remain alert.