Car-Jacking 2016-Style: Can Your Car Be Hacked?
Fact number one: more and more components of modern cars are controlled by electronics and computer systems. Fact number two: cars are one of the most significant items in the Internet Of Things, where things that aren’t computers and mobile phones go online and send info from A to B or receive information. Tons of new cars of the more connected type have the ability to run a diagnostic test, send the info to the maintenance people and send you a report (e.g. Ford’s SYNC Vehicle Health Report). You can also get apps to help you find where you parked your car if you are one of those who have a tendency to get forgetful in car parking buildings. Many cars are so connected that they’re probably the most mobile of mobile devices.
Fact number three: hackers exist. Scary stuff. You’ve got a car with all these electronically controlled safety devices (including steering correction and brake deployment), your car is connected to the internet and there are evil-minded folk out there who like to create a bit of havoc.
Scientific American magazine in February 2016 ran an article that explained that hackers can’t take over your car. However, Norton – the internet security experts who put out some of the best online protection software (thanks, guys; it works on my computers) – warn that some features of cars can and have been hacked. Not that there have been cases of cars being suddenly taken over by Evil Dr Loony-Boffin, whisking the hapless driver and passenger away to a secret underground lab where sinister experiments are conducted (cheesy thriller film, anyone?). However, Norton reports that there have been cases where disgruntled employees have immobilized engines remotely, or where researchers have managed to trigger tyre pressure warning signals or even disable the brakes.
The most high-profile story about car hacking comes from the US, where a pair of cyber security experts hacked a Jeep Cherokee in the name of research, and managed to take out the brakes (and do other stuff) while someone else was driving it. Wired magazine filmed it:
For those of you who drive or are interested in this variety of Jeep Cherokee, this hacking attack was part of a security test and the offending weakness has been fixed with a patch (I haven’t done any coding since the old BASIC days in the 1980s when the home computer came out, so don’t ask me how this works).
The second reason why you shouldn’t panic just yet is that these hackers weren’t malicious but were doing a heavy-duty security test of the sort that MacGyver used to carry out: break into a “secure” system to discover its weaknesses. It also took them quite a long time to do it. Most brainy teenagers out to cause mayhem don’t have quite that level of dedication. The fact that there are inventive, creative and intelligent people trying to hack all these connected cars means that the weaknesses will be fixed. We saw the same thing happen with emails and computer viruses, and we’ve all got antivirus software and spam filters these days. Thanks to these guys, who have what must be one of the more fun jobs in the world, we’ll get cars that are connected and safe.
The third reason why you shouldn’t panic about your car being hacked is that the hackers in the Jeep video had to plug their laptops into the car first. That’s right: the hackers had to have physical access to the car first. If you follow all the usual rules about physical car security and use reliable, reputable mechanics, you should be OK. You should also be careful about what you plug into your car, especially those fleet monitoring devices or similar.
Fourthly, many of the attacks that were demonstrated in the video weren’t life threatening. In another test that wasn’t on the video, including one where the remote hackers took over the cruise control, a lot of the attacks could also be over-ridden by an alert driver. The hackers also said that if a driver has both hands on the wheel the way we were all taught to, the steering hack could be over-ridden. Handbrakes also exist if the brakes are cut remotely.
Fifthly, according to Norton, there isn’t much point in cyberattacks on cars, even for terrorists. It would take a lot of technical work to hack just a few cars, and what would be the point of that when we all know they can wreak a lot more havoc with truck bombs? Having tyre pressure monitoring lights and weird pictures coming up on the dashboard are merely annoying rather than being real threats.
Last but not least, not every car has this level of connectivity, even the newest models. If they’re not connected, they can’t be hacked. Those of you with older vehicles can now look smug. Even if you have a tendency to lose your car in parking buildings.