Whether you want to admit it or not, the fact of the matter is that if you have a connected vehicle – one that is transmitting and receiving from the internet – it is susceptible to attacks.
There will be an estimated 250 million connected vehicles on the road by 2020, and some cars are already connected, therefore the threat of car hacking is worse than ever before.
Cyber security companies are already trying to imagine the nightmare scenarios created by a connected vehicle being hacked. Will Rockall, a cyber security expert, speculates that cars could be forced to gring to a halt during a popular event causing traffic chaos, “Vehicles transporting high value goods could be hijacked remotely,” he says, “Or the fantastical notion of rich rivals being kidnapped or their vehicles caused to crash.”
This type of threat is real. There are a plethora of sensors and technologies on board the modern car, and each one is programmed by a piece of software that is constantly being updated by a server somewhere in the cloud that is being programmed by experts in their field to react to obstacles, detect reasons to perform emergency stops, take evasive actions, etc.
It would only take a mischievous, or even malevolent, hacker to put their mind to taking on the software that controls these vehicles and they would be able to cause problems, and perhaps even fatal accidents.
Chinese researchers managed to do just that. In laboratory conditions, they managed to hack two Teslas in order to remotely move the seats, apply the brakes and open the boot. All done without initially having access to the car. Theoretically, they could do the same hack to control a car in a real situation on a busy street.
Chinese researchers managed to hack two Teslas in order to remotely move the seats, apply the brakes and open the boot.
Tesla aren’t the only car company to have their modern technology hacked. Ford and Toyota both had their vehicles controlled after a physical change to the on-board diagnostic sockets allowed access to their controls. Fiat Chrysler had to recall 1.4 million cars to increase security in their infotainment systems.
The problem falls to the car’s electronic network. This is essentially the brain of the car. It’s where all the sensors and control units for things like the brakes, steering wheel and locks for doors and the boot all come together to be controlled by the software.
Car hacking is made possible by the electronic network, especially as it is made accessible via apps that allow the owner to control things such as temperature and door locks. If a hacker is able to take control of the owner’s smartphone, or emulate their smartphone, then they could potential take control of the electronic network by transferring data around the car.
Because the electronic control unit (ECU) is connected to a server, which is constantly sending information from one car to another, there is a potential situation that could arise where a virus could be deployed across an entire car network before engineers are able to stop the attack.
In the Tesla attack, the research were able to hack the car using a fake Wi-Fi network that the owner would theoretically connect to. The hacker has control of the Wi-Fi network, and therefore can access information from the owner’s mobile phone. In turn, they can then access the ECU of the vehicle they want to attack. It’s a highly unlikely scenario, especially as people are more savvy with technology and digital security now, which led Tesla to say that the hack was low risk. They did, however, issue a patch for the issue within ten days.
Where this issue was detected by researchers who were car hacking ethically, it could only be a matter of time before hackers are able to cause some damage before being stopped.