In June we featured a story that revealed how airlines are vulnerable to hackers and today it has come to our attention that even cars are an easy target to hackers. Currently cars have become smartphones on wheels with cages of software code controlling brakes, steering and propulsion, not to mention radio, weather apps and air conditioning.
Wired Magazine staged an incident where hackers remotely disabled a Jeep SUV, leaving its journalist driver stranded in a ditch. The hackers Charlie Miller and Chris Valasek, targeted the 2014 Jeep Cherokee because they believed it’s hackable. Other vehicles they deemed particularly vulnerable included Toyota Motor’s 2014 Infiniti Q50 and Toyota Prius, General Motors’ 2015 Cadillac Escalade, the 2014 Ford Fusion, the 2014 BMW X3 and i12 and the 2014 Range Rover Evoque.
USA Today reports that the newest cars on the road are vulnerable to hackers according to survey. Typically, cars that have Internet connectivity, mapping capability or infotainment systems. The study by Miller and Valasek suggest that the most troublesome vehicles are those with Internet systems embedded in Infotainment systems and connected to other networks on the car, such as those operating brakes and propulsion.
The cars that can not be easily hacked are the 2014 Dodge Viper, 2014 Audi A8 and 2014 Honda Accord.
“Everything is hackable,” said Thilo Koslowski, who heads the automotive practice group for Gartner. “But remember that the automotive industry invented the term firewall. Now they need to apply it to bits and bytes.”
“This is a violation of some very basic and known best practices,” Steve Manzuik, director of security research at Duo Security, whose investors include Google. “It is this practice that makes attacks like what happened with the Jeep example possible.”
The Wired hackers accessed their Jeep Cherokee remotely by penetrating its UConnect infotainment system and reprogramming the vehicle. That was alarming for industry watchers who had previously questioned whether hackers could infiltrate a vehicle’s systems without wired connections inside the cabin.
“It’s hard to do, but the fact that it’s possible is disconcerting,” said Matt Clemens, a security solutions architect at Arxan Technologies.
The fact that hackers are able to hack cars pose a great danger to motorists in highways because one can easily take control of a car then cause an accident given that new cars have filled our roads and newest cars on the road are vulnerable to hackers.
“It’s creeping closer to where you could say that could be a malicious hacker,” said Richard Wallace, director of transportation systems analysis for the Center for the Automotive Research.
Some Auto companies revealed that they are investing in R&D and sharing information with each other to improve vehicle cybersecurity.
“We are integrating cybersecurity principles into our design from the outset of the product development process. Ford said. “We are not aware of any instance in which a Ford vehicle was infiltrated or compromised in the field.”
Auto companies had previously agreed to join a new consortium called Auto Information Sharing Advisory Center (ISAC), which will allow manufacturers to share information on cybersecurity measures without violating anti-trust laws.
“They’re staffing up with a lot of really good software engineers or they’re teaming with software companies that are already ahead of the game on this,” said Jon Allen, a Booz Allen Hamilton cyber expert and consultant on the ISAC project.
Also read: Two Hackers Rewarded By An Airline