Can you hack a car?

Image of interior of a car - Destination Certification

Back in the good old days, cars were purely mechanical beasts. Gas, pistons, and gears had vehicles hurtling across countries in greater comfort and with more autonomy than ever before. But as technology developed, they began to change. 

Radios, electric windows and sunroofs were just the beginning.  Electronic control units (ECUs) with microprocessors and integrated circuits started to be thrown in everywhere as the price of electronic components dropped. The latest cars are now an agglomeration of these mechanical bones, with hardware, software and automation layered on top. 

These vehicles offer a host of features and are much safer in physical terms than the trusty 1996 Camry ever was. However, these technological advancements also present security challenges. It was pretty easy to keep a car safe from hackers back when it didn’t have any computers in it. Things are a little different for a Tesla that has chips crammed into every corner.

Some of the major threats include attackers gaining access to critical driving functions. If cars could be easily controlled by attackers, our world would be sent into chaos. Our vehicles could become weapons, and hackers could grind a city’s traffic to a halt. We especially don’t want cars to be remotely hacked—if someone in another country can take control of the accelerator or steering wheel they can do untold damage. Attacks that require physical access are also concerning, but they must be put in their appropriate context. Older cars are also vulnerable via physical access—all someone has to do is cut the brakes.

Another major issue stems from new cars collecting lots of sensitive information about their drivers. We don’t want hackers to be able to access this information and find out things like a driver’s route from their home to work.

2014 Jeep Cherokee hack

A good example of some of the issues at play comes from security researchers who hacked a 2014 Jeep Cherokee. They demonstrated their remote exploit with a Wired journalist sitting in the driver’s seat. After gaining access to the controller area network (CAN) bus (which the ECUs use to communicate), they were able to control many of the car’s functions. While the reporter was driving, the researchers pumped the radio, blasted the aircon and set the windscreen wipers whirring. This alone could distract drivers enough to crash, especially if they were caught by surprise.

Things really got dangerous when the researchers cut power to the accelerator, substantially slowing the car on the middle of a highway. After further experimentation, the researchers also figured out how to slam the brakes, suddenly hit the gas, or sharply turn the wheel. If an attacker got this kind of control, it could lead to fatalities, destruction of property, or traffic being thrown into chaos. Ultimately, the research culminated with Chrysler having to recall 1.4 million vehicles so that the vulnerabilities could be addressed.

How do we secure cars?

None of us like the idea of our cars suddenly being taken over and our families being driven to their doom. Thankfully, automakers and regulators do take the threat quite seriously, and there are a number of safety measures in place that help to minimize the threats. Unfortunately, you’re going to have to wait ‘til next week to find out.

Image of the author

Cybersecurity and privacy writer.

Would you like to receive the DestCert Weekly via email?

Your information will remain 100% private. Unsubscribe with 1 click.

Page [tcb_pagination_current_page] of [tcb_pagination_total_pages]

>