It's already been proven that hackers could gain access to a car's systems through its infotainment system - so should we be worried?
Matt Prior
7 August 2015

When, in 2013, hackers Charlie Miller and Chris Valasek hard-wired their laptops into a Ford Escape and a Toyota Prius and assumed control of the cars’ electronic systems from the back seat while a journalist from Wired magazine drove around a car park, some of the car industry raised an eyebrow about the potential for cars to be electronically hacked.

But back then, the pair of them needed access to a diagnostic port, and – hey – who’d give that sort of access to a hacker?

So last week, while the same Wired reporter drove a Jeep around the outskirts of St Louis, the same hackers sat on a sofa 10 miles away and remotely gained control of the car’s systems. Not just a few innocuous ones, 
such as the wipers or stereo, 
but ones like the engine, brakes and transmission.

So now everyone has raised an eyebrow and is wondering what the motor industry is going to do about a potentially catastrophic security flaw.Cars are more connected and, electronically, more complex than ever.

They’ve become that way innocently enough. As wiring looms for all of a car’s features – ABS, hi-fi, lighting, engine, transmission and so on – became massively complicated, a bright spark at Bosch had the idea of sharing a common set of wiring, called a CAN bus, along which power and data info could be passed.

The CAN bus saves a lot of wiring and therefore a lot of weight and money but means a car’s electronic control units – of which a car might have dozens – are all effectively connected to each other.

None of which would have been seen as a problem in the 1990s when CAN buses started being used, because no one would have thought you could sit in your pants on a sofa and gain malicious access to it.

But with increased internal complexity has come increased connectivity. So if, say, your stereo can stream from the web, or the diagnostics or the navigation or the multimedia system can talk to the outside world, that’s a portal that’s vulnerable to hackers.

And if the ECUs for the ABS, the self-park steering system, the throttle or even the automatic gearbox are all loosely connected to that same portal, they’re all fair game to a hacker.

The solution, of course, is that new security precautions will have to be reverse engineered into cars’ electronics systems –
systems that you probably didn’t want or ask for in the first place but which have become ever more prevalent and for which you’ll pick up the tab to make them more secure. Because although it’s unlikely someone will want to take control of 
your car, the implications of 
not securing the system don’t bear thinking about.

Get the latest car news, reviews and galleries from Autocar direct to your inbox every week. Enter your email address below:

Join the debate

Comments
8

7 August 2015
The question is, did they gain their initial access to the car's systems remotely?

I suspect they still had physical access to the vehicle first in order to hack in to the systems and then used a remote connection to interact with the vehicle, via the connection they had already created, in which case it is not much different to the 2013 example.

If they did actually hack in remotely, that is a serious issue, but I doubt it.

7 August 2015
I've read the more detailed reports and they never had any physical access. It was all done remotely, via the DAB radio of all things initially, which they were able to corrupt to accept incoming data instructions.

7 August 2015
I've read the more detailed reports and they never had any physical access. It was all done remotely, via the DAB radio of all things initially, which they were able to corrupt to accept incoming data instructions.

7 August 2015
It's fairly shocking that remotely connecting to the infotainment system could give you access to functions critical to the cars operation. That's just poor programming and the manufacturers should be ashamed of themselves.

Not that I'm surprised - IMO they've always been way behind the technological curve on most things, and judging from the front end that you interact with (either the latest touch screens or past multi function trip computer/stereo mash up interfaces), most in car technology has been incredibly idiosyncratic at best, and often just unbelievably bad. It doesn't get any better when you look underneath using some of the many tools available out there.

Without wishing to be too pedantic about Matt's otherwise decent article on the subject, I just have to point out that reverse engineering means taking an existing system for which you have no code, and using your best guesses to work out how it does what it does. I think Matt meant "upgrade" or simply "added" which doesn't sound quite as techy or clever as reverse engineer!

7 August 2015
Michael Hastings was found dead in his burnt out wreck after apparently having an accident on a straight road where no other vehicle was involved. What makes this accident stand out was Mr Hastings was a journalist working on a big story about the former director of the CIA John Brennan. Before his death he had expressed concerns to friends that the FBI were investigating him and his colleagues and that he had told a neighbour that he thought his car had been tampered with. Witnesses of the accident told how his car had just suddenly accelerated before hitting a tree? My opinion is this is no doubt within the capabilities of the CIA especially when you consider the Stuxnet Virus designed to interfere with the Iran Nuclear programme.

 Offence can only be taken not given- so give it back!

7 August 2015
You should check this out :-
www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf

 Offence can only be taken not given- so give it back!

7 August 2015
Wired published yesterday hackers had successfully gained access to a Tesla MOdel S.

Same day, Tesla issued an automatic software patch that Tesla owners could protect their vehicles (upon giving their consent).

Not for Tesla a recall of all their vehicles, merely a very efficient security solution delivered to all Tesla owners within 24 hours of security breach notification.

The way of the future..............

Malo Mori Quam Foedari

7 August 2015
RPrior wrote:

Wired published yesterday hackers had successfully gained access to a Tesla MOdel S.

Same day, Tesla issued an automatic software patch that Tesla owners could protect their vehicles (upon giving their consent).

Not for Tesla a recall of all their vehicles, merely a very efficient security solution delivered to all Tesla owners within 24 hours of security breach notification.

The way of the future..............

Welcome to hear. Funny how the "good news" like that never seems to hit all the headlines in the same way as the bad/shocking stories do!

Add your comment

Log in or register to post comments

Find an Autocar car review

Driven this week

  • Lexus LC500
    Car review
    20 October 2017
    Futuristic Lexus LC coupé mixes the latest technology with an old-school atmospheric V8
  • Maserati Levante S GranSport
    First Drive
    20 October 2017
    Get ready to trade in your diesels: Maserati’s luxury SUV finally gets the engine it’s always needed
  • Jaguar XF Sportbrake TDV6
    First Drive
    19 October 2017
    The handsome Jaguar XF Sportbrake exhibits all the hallmarks that makes the saloon great, and with the silky smooth diesel V6 makes it a compelling choice
  • Volkswagen T-Roc TDI
    First Drive
    19 October 2017
    Volkswagen's new compact crossover has the looks, the engineering and the build quality to be a resounding success, but not with this diesel engine
  • BMW M550i
    First Drive
    19 October 2017
    The all-paw M550i is a fast, effortless mile-muncher, but there's a reason why it won't be sold in the UK