How Hackers Could Take Over Your Car

How Hackers Could Take Over Your Automobile

Credit: Syda Productions/Shutterstock — (Prototype credit: Syda Productions/Shutterstock)

From GPS navigation organization to satellite radio to wireless locks, cars today are connected to more networks than ever. But all that connectivity has a downside: Cars are also more hackable than ever. That's according to a new report issued today (Feb. 9) by the office of Sen. Ed Markey, D-Massachusetts, entitled "Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk."

It'southward not news to security researchers that connected cars can exist hacked. Annihilation that communicates with remote networks is potentially vulnerable, and weak or nonexistent data security only makes a network more promising to would-exist attackers.

It'south been known for years, for case, that malicious commands tin be sent over cellular data networks, such equally those used past carmaker remote-assistance services, to unlock car doors or seize control of certain cars' brakes or steering.

More than: Best Antivirus 2015

A segment terminal night (February. 8) on CBS News' "sixty Minutes" demonstrated some recent enquiry. Kathleen Fischer of the Pentagon's Defence force Advanced Research Projects Agency (DARPA) told correspondent Lesley Stahl that today's cars are essentially "computers on wheels." In the segment, Stahl drove a car (its make was obscured) as a DARPA researcher across the parking lot used a laptop to hack into the on-board assistance arrangement and remotely turn on the windshield wipers, honk the horn, hit the brakes and disable the brakes entirely.

Dangerous at any speed?

Markey'due south report is based on information he received from BMW, Fiat Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Country Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen and Volvo. Aston Martin, Lamborghini and Tesla did non respond to Markey's queries, which were sent out in December 2013.

The data the senator's office doesn't appear to have been very reassuring.

"Security measures to forbid remote access to vehicle electronics are inconsistent and haphazard across all machine manufacturers, and many manufacturers did not seem to sympathise the questions posed by Senator Markey," the report reads.

Cars are vulnerable to other kinds of attack that would requite drivers no dubiousness they'd been hacked. Researchers Charlie Miller and Chris Valasek have shown that, in some cars, attackers could utilize the car'southward internal network to activate brakes or cut an engine'southward power immediately. Concluding year, the pair even issued a preliminary written report detailing their findings most which cars could be most easily hacked.

Miller and Valasek's tests have been largely in controlled environments. In that location's no evidence that criminals are targeting cars to steal data or to damage the driver or passengers. Existent car hackers are mainly interested in stealing the cars themselves, every bit was recently shown in a wave of BMW thefts in Europe.

But most cars don't fifty-fifty have the ways to detect network intrusions.

"Just two automobile manufacturers," Sen. Markey'southward report said, "were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-fourth dimension."

Valasek told Tom's Guide that network-intrusion detection is the next stride in improving automotive information security.

"Charlie and I are both hoping to see mechanisms in the vehicle that tin, in real fourth dimension, detect and prevent attacks," Valasek said. "You should not but secure your organisation, you should at least know if something malicious has been tried."

We dearest the manner yous drive

Another bones upshot, according to the Markey report, regards driver privacy.

Car manufacturers gather reams of information about customers via the cars' onboard continued systems. The information can be personal habits gleaned from the onboard entertainment systems, which at present offer smartphone-like music and news apps, or from the onboard diagnostic systems, which monitor and record driving habits and vehicle operation. Both systems might tap into the GPS to keep track of where the motorcar is at all times.

Advertisers might be interested in the app usage and where and when the driver is when apps are used; insurance companies might want to know how oftentimes an individual commuter hits the brakes or goes over the speed limit.

Oft, car owners aren't properly notified of the calibration or nature of this drove, and can rarely opt out of information technology. This data collection is as well poorly secured, which ways drivers' personal information could be exposed and stolen without people ever knowing at that place was a trouble.

During the course of Markey'south investigation, auto-industry merchandise groups Brotherhood of Machine Manufacturers and the Association of Global Automakers adult a ready of guidelines proverb that customers' personal information should be collected "only as needed for legitimate business purposes."

Though they may be a first pace toward increased privacy and security, the guidelines are still optional for car companies, and even the stipulation near "legitimate business purposes" is highly open up to interpretation.

Ask your car dealer tough questions

Maybe about frustrating for drivers is that similar whatsoever other data breach, there'due south little that car owners can do to protect their privacy and security. Near all the cars currently on the market accept potentially vulnerable wireless networks, the Markey report has found, and consumers commonly can't opt out of the information collection without forfeiting important features such as onboard navigation, as provided by GM's OnStar and like services.

"When you're going to buy cars, ask about [security]," Valasek brash. "I think a lot of consumer awareness will result in people who sell cars asking the people they purchase them from these questions, and, hopefully, they'll become a expert dialogue going."

12 More Things You Didn't Know Could Be Hacked
Tech Features Nobody Wanted
13 Security and Privacy Tips for the Truly Paranoid

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+ . Follow us @tomsguide, on Facebook and on Google+.

Jill Scharr is a creative writer and narrative designer in the videogame industry. She previously worked equally a Staff Author for Tom's Guide, covering video games, online security, 3D printing and tech innovation.