Your browser version is outdated. We recommend that you update your browser to the latest version.

Share this page...

DEFSECMEDIA

DEFSEC Media is New Zealand's defence, security and fire B2B/B2G publishing group. Our leading magazines, NZ Security, Fire NZ - and our latest title - Line of Defence, are read by key business, government and military decision makers. This website is the online home of cutting-edge content from each of our titles.


 

Automotive cybersecurity: is car hacking really a thing?

NZ Security, June 2016

Should we be afraid?Should we be afraid?NZ Security Magazine’s June 2015 issue carried a story about US-based whistleblower and IT expert Chris Roberts, who allegedly manipulated an airliner’s engines mid-air by hacking into onboard systems via the in-flight entertainment unit (“High wiring: the man who hacked a plane”). The FBI took Mr Roberts’ claims very seriously, and since then have also turned their attention to emerging concerns over car hacking.

In a Public Service Announcement (PSA) issued on 17th March, the FBI officially bought into the emerging issue of car hacking, confirming that security researchers evaluating automotive cybersecurity were able to demonstrate remote exploits of motor vehicles. “The analysis demonstrated the researchers could gain significant control over vehicle functions remotely by exploiting wireless communications vulnerabilities.”

The PSA cited an August 2015 whitepaper in which researchers were able to accomplish a number of vehicle function manipulations, including: engine shutdown, brake disabling and steering (in a target vehicle travelling at 5-10 mph); and door locking, turn indicating, and tachometer, radio, HVAC and GPS operation (in a vehicle at any speed).

In another 2015 case, researchers Charlie Miller and Chris Valasek were able to control a Jeep Cherokee remotely from kilometers away by exploiting the car's entertainment system, which was connected to the mobile data network. The pair were able to fiddle with the vehicle’s air conditioning, transmission, and even its steering controls. Following this, Fiat Chrysler launched a safety recall of 1.4 million recent model cars deemed vulnerable to remote exploit.

Automotive hacking, we are being told, is a natural consequence of cars becoming ‘connected’. While connected cars offer innovative features and services, such as keyless entry, ignition control, tire pressure monitoring, diagnostic, navigation, and entertainment systems, there is a potential downside. According to Argus Cybersecurity, “these new features also increase vehicles’ cyber attack surface, so the more sophisticated modern cars become, the more vulnerable they are to cyber attacks.”

In late April, two bills were sponsored into the Michigan senate that would regulate that state’s emerging connected and autonomous vehicle industry. Under the proposed legislation it would become a felony to "intentionally access or cause access to be made to an electronic system of a motor vehicle to willfully destroy, damage, impair, alter or gain unauthorised control of the motor vehicle." Transgressors could face up to life in prison.

Such jail time may seem excessive, but, after all, we are talking Michigan, home to the ‘Motor City’ of Detroit, the headquarters of the US automotive industry and the home of General Motors, Chrysler and the Ford Motor Company.

But not everyone’s convinced that car hacking poses a real threat. According to tech journalist David Pogue in a recent article in Scientific American, it generally takes expert teams several months to successfully hack into a vehicle. “Here's the simple truth. No hacker has ever taken remote control of a stranger's car. Not once. It's extraordinarily difficult to do. It takes teams working full-time to find a way to do it,” he wrote.

Chris Valasek, the expert hacker who was part of the team that eventually pulled off the Jeep Cherokee hack, told CNBC, “I'm more afraid of someone texting and driving and running into me than I am of someone hacking my car.”

Back to Security

Follow us...

 

 

 

 

 

 

 

© 2015. Defsec Media Limited. All Rights Reserved.

Defsec on YouTube...