Can your car be hacked? From brakes to GPS, a look at what’s vulnerable

can your car be hacked hacking threats analyzed brakes deactivated

Having a hacker charge a carbon fiber toilet seat to your Visa card is inconvenient, but what if they decide that your car would function better without brakes?

That’s exactly what happened to Forbes journalist Andy Greenberg in a very unusual recent road test. Greenberg hopped into a car with some hackers, who deactivated the vehicle’s brakes by jacking into an onboard data port.

The idea of a hacker taking control of a car and endangering its occupants sounds like the ultimate dark side of the ongoing digitization that has made cars more efficient, safer, and more connected to our lives than ever before. So, is car hacking a real threat, or fodder for science fiction?

Vital systems

Car hacking hit the tech mainstream in an ugly way this past June when journalist Michael Hastings, famous for bringing down General Stanley McCrystal with a revealing Rolling Stone profile, was killed in a horrific car crash.

A hacker looking to take over someone’s car would have to put in a lot more effort than one looking to take over one’s credit card.

Shortly after, President George W. Bush’s top counterterrorism expert, Richard Clarke, went public implying that Hastings could have been assassinated, and that his own car could have been the weapon.

“There is reason to believe that intelligence agencies for major powers — including the United States — know how to remotely seize control of a car,” Clarke told the Huffington Post at the time.

“So if there was a cyber attack on the car — and I’m not saying there was… I think whoever did it would probably get away with it,” Clarke said.

Hastings’ 2013 Mercedes-Benz C250 coupe hit a tree with such speed that witnesses said the crash sounded like an explosion. There were no other cars involved.

So how would a government assassin take control of a car? At first, it seems as easy as Richard Clarke suggested. Modern cars are now essentially rolling computers that control everything from anti-lock brakes to the engine and transmission.

Many cars even have “drive-by-wire” throttles and brakes, with no physical connection between the pedals and the mechanisms they control. Nissan is even launching a steer-by-wire system on the 2014 Infiniti Q50.

Infiniti Q50 direct adaptive steering
Infiniti Q50 Direct Adaptive Steering

With a car’s gas and braking systems already controlled by computers, all a hacker would have to do to commit vehicular homicide is insert some malicious code into those computers, right? Not quite.

For hackers to have taken over Hastings’ car they would have had to access it wirelessly, and that’s easier said than done.

A car’s computer control system, called a Controller Area Network (CAN) bus, isn’t like your desktop or laptop computer; it’s hard-wired and not designed to receive wireless commands. Charlie Miller and Chris Valasek, the hackers that actually cut a car’s brake function in the Forbes story, did so by physically plugging their laptops into the vehicle after taking most of the dash apart to get at the car’s wiring.

Fully electric vehicles may also be vulnerable. Putting them “in gear” is usually done with a stalk or button rather than a mechanical linkage.

Wireless car hacking has only been achieved in the lab – at least that we know of. Separate experiments conducted by the University of Washington and the University of California, San Diego were able to penetrate the CAN bus using connected devices such as smartphones.

However, their success was limited. The University of Washington’s report states that, while researchers were able to get wireless access to a moving car, they were only able to send commands at speeds below five mph. Above that speed, the CAN bus realized that the vehicle was operating outside normal parameters and ignored the errant code.

True, a hacker could attach hardware to the car to gain direct access, but if an attacker already has that much physical access to a car, why bother with software? Cutting the brake lines or planting a Casino-style bomb would be just as easy.

That’s what officials from Ford and Toyota said when Miller and Valasek showed them their research. If someone has access to a car, there are already numerous ways to cause harm.

Cars also don’t share a common programming language like a Mac or a PC. Miller and Valasek bought a 2010 Ford Escape and 2010 Toyota Prius and spent months analyzing their computer systems; they’d have to start all over again if they wanted to mess with a BMW or Nissan.

Audio, Infotainment, and Navigation

The computers that control a car’s throttle, steering, and brakes aren’t like the ones people have on their desktops, but there are other systems onboard that are.

2014 Chevrolet MyLink
2014 Chevrolet MyLink

While the CAN bus can so far only be accessed directly through a hard line, there are many ways to breach a car’s infotainment devices remotely. The University of Washington and University of California, San Diego researchers were able to insert malware on CDs and mp3s, which were then installed on an iPod that was then synced with a vehicle’s system.

A driver could inadvertently get their car hacked by downloading third party software to their phone, but that software would have to pass through two phalanxes of corporate scrutiny first.

A hacker could potentially distract a driver by blasting the stereo, or disable the navigation system…

The makers of smartphone operating systems vet third party apps and so do the car companies. That’s why the number of apps available for infotainment systems like Ford’s Sync or Chevrolet’s MyLink number in the tens, not the thousands.

Still, assuming a hacker could get some malware into a car’s infotainment system, could they do any damage?

A hacker could potentially distract a driver by blasting the stereo, or disable the navigation system, but these types of attacks are more annoying than life-threatening. The driver would still be in control of the car, after all. But if the driver was unaware that the GPS system had been tampered with or was being controlled, a car could be sent the wrong way down a one-way street or into a hazardous situation. Far-fetched? Maybe not, since that is what apparently happened to this yacht.

Interconnected systems

So some parts of a car are hard to access, while others are easy to access but can’t do anything dangerous. So you’re pretty safe, right?

Ford OpenXC
Ford OpenXC

That may change in the future, though. In the past, car control systems have been separated from secondary systems like audio and navigation, but that’s changing as the computerization and interconnectivity throughout a car’s systems grows to, ironically, give drivers more control over things like suspension settings, steering sensitivity and engine power output.

A vehicle’s different automated features can be linked in many ways. For example, in some cars, the doors lock automatically when the transmission is shifted into gear. This seemingly innocuous feature isn’t as well-protected as the vital CAN bus, so could it be used as a back door for an attack? Not necessarily.

A connection may exist, but that doesn’t mean it can be exploited by hackers. In the case of automatic door locks, the information usually only flows one way: the locks are activated by the engine or transmission, not vice versa.

However, this could become more of a problem as a car’s mechanical systems become intertwined with its digital ones. Car companies like Ford are looking to leverage vehicle data to improve the customer experience, but that means giving programmers more access to cars than ever before.

Ford’s OpenXC program gives third party developers access to a car’s onboard sensors, in order to collect data that can be used by driving-specific apps. If that practice becomes commonplace, carmakers will have to work harder to separate vital controls from connected devices.

Many cars can now be accessed remotely by smartphones or assistance services like OnStar and Drone Mobile, which can track a vehicle’s position, remotely open doors, start engines and run heating or cooling systems in advance of the driver getting into the vehicle. All of this is done by remote control, whether it’s from a computer terminal, smartphone or key fob. Each presents a possible intercept window for hackers.

Fully electric vehicles may also be vulnerable. Putting them “in gear” is usually done with a stalk or button rather than a mechanical linkage. Suddenly putting an EV into reverse remotely or gaining control of the car’s acceleration as it goes down the highway could obviously cause a crash.

Conclusion: Is car hacking a threat?

Given the numbers of computers in modern cars, and the fact that researchers have hacked them under very limited circumstances, car hacking seems like a very possible threat.

However, while cars are computerized, they don’t work like desktops or smartphones. A hacker looking to take over someone’s car would have to put in a lot more effort than one looking to take over one’s credit card.

Car control systems aren’t set up to accept randomly inserted commands, and even if a hacker managed to fool an onboard computer, that attack would only work for that specific car.

Hacking may become more of an issue in the future as cars become more automated and more connected, but for now, the road is hacker-free.

Emerging Tech

Awesome Tech You Can’t Buy Yet: 1-handed drone control, a pot that stirs itself

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Cars

VW will use Siri as the designated driver for its connected car party

Volkswagen of America added Apple's Siri to help drivers control and interact with their cars. Owners can customize voice commands to tell Siri to change access settings such as interior climate, vehicle lock status, and fuel checks.
Cars

Camaro vs. Mustang: Differences and similarities between two premier pony cars

The Chevrolet Camaro and the Ford Mustang are two of America's favorite sports cars. In this comparison piece, we highlight the main differences between the two machines when it comes to their design and performance, among other factors.
Cars

Bosch, Daimler team up to deploy autonomous Mercedes-Benz S-Classes in San Jose

In 1986, when Bosch and Daimler joined an autonomous car research project, the technology seemed overly futuristic. Now, the partners are aiming to make a production self-driving car by the early 2020s.
Cars

Safety driver in Waymo autonomous car causes collision with biker

Safety drivers are supposed to take control of a self-driving car when a potentially dangerous situation occurs during road tests. But a recent takeover by a Waymo driver resulted in an accident with a motorcyclist.
Cars

Roborace wants human drivers and machines to work together

Roborace believes the future of racing is autonomous, but it's keeping human drivers in the picture for now. For its first race season, Roborace will use a car called DevBot 2.0 that can be driven by humans or machines.
Cars

Tesla raises prices and simplifies options on Model S and Model X

Tesla is making changes to its offerings of the Model S and Model X. The lower-range 75D models will increase in price, while the higher-range 100D models will decrease in price.
Cars

Tesla brings track mode to Model 3 Performance

The new Track Mode introduced for the Tesla 3 Performance model adds stability to the drive while you're behind the wheel and is specifically designed for driving on closed track courses.
Cars

Jaguar’s rally-ready F-Type roadster is happiest off the pavement

Jaguar is celebrating the XK120's 70th birthday by turning the F-Type roadster into a rally warrior. Built to FIA specifications, the model receives suspension and braking upgrades plus a full roll cage to protect the occupants.
Mobile

Lyft’s new rewards program promises ride discounts and comfier cars

If you're always hopping in and out of a Lyft car, then you'll be pleased to hear that the ridesharing service is about to launch a rewards program. Perks include discounts on future trips and upgrades to comfier cars.
Cars

Study suggests autonomous cars could become red-light districts on wheels

Fully autonomous cars can change the way we commute, but they can also have a far-reaching impact on the tourism industry. Two researchers published a study that outlines how self-driving technology could create a new dimension in tourism.
Cars

Meet the born-again Ford Bronco that will soothe your ’90s nostalgia

Ford has confirmed it will bring the Bronco back to American showrooms in a few short years. While it's still very much a work in progress, this is what we expect from the Blue Oval's born-again off-roader.
Cars

Waymo will launch its commercial autonomous ridesharing service in December

Waymo will launch a commercial ridesharing service using self-driving cars in December, according to a new report. As previously discussed by Waymo, the service will operate in specific areas around Phoenix, Arizona.
Cars

Quick! Someone petition Ferrari to make this luscious tribute to the F40

Ferrari looks toward the future as it designs hypercars like the LaFerrari. Designer Samir Sadikhov turned his eye toward the past to create a modern interpretation of the 1987 F40 without venturing into full retro territory.