Your Security Partner

Automobile Hacking: Should You Be Concerned?

If you've bought a car manufactured in the past few years, chances are high that it will utilize between 20 and 70 computers, all with their own purposes and uses, and all connected to a central interface. These computers can be hacked in many ways, from malware to wireless hacking, and these vulnerabilities pose a very real threat to consumers. The biggest and most important distinction to make between car computers and personal computers almost speaks for itself. Not only your private information is at stake, but your very life could be as well.

Are car manufacturers doing enough to safeguard these computers? In the case of cars like the 2014 Jeep Cherokee, it doesn't quite seem like it.

API Hacking

One approach to hacking vehicles is through API (application programming interface) management. An example of this is the i3 car, manufactured by BMW, that features integration with Samsung's Galaxy Gear smartwatch — the owner of the car can monitor and control the car's heating and cooling system remotely using the smartwatch. In the winter months, where a driver will wish to return to a warm car, it's not difficult to imagine how often this would be used, or how much vulnerability could be opened up with its frequent use.

Self-driving cars pose a serious concern for the future of connected devices. With companies like Uber investing in self-driving technology, even more vulnerabilities can be exploited in a cars' telematics system, perhaps in more malicious ways that just tampering with a heating system. Before even being rolled out as a test, companies using and manufacturing self-driving cars should be preoccupied with safety and security over anything as computer-powered cars become more commonplace.

What are the Safest Cars on the Market?

Luckily, there are some manufacturers taking innovative methods to securing the whole automobile's connection to its computer interface. According to this study by white-hat hackers Charlie Miller and Chris Valasek, Audi's A8 “[separates its wireless Internet features] from its driving functions on its internal network, with a gateway that would block commands sent to steering or brakes from any compromised radios”. What seems to be an obvious architectural decision seems to be sadly overlooked by many, and a small change like this could be fundamental for making cars more secure against hackers and malicious API management.

Along with the Audi A8, Miller and Valasek's report found the Dodge SRT/Viper and the 2014 Honda Accord to be among the less vulnerable cars. The 2014 Jeep Cherokee, 2015 Cadillac Escalade, and 2014 Infiniti Q50 were listed as some of the most vulnerable.

It is clear that auto manufacturers have a way to go with making computerized, Internet-integrated cars more secure for drivers and resistant to hacking. With more and more cars being manufactured with computers in mind, the gap between car security itself and computer security needs to be bridged in a big way. Any device or system connected to the Internet, no matter its purpose, can be hacked, and an important dialogue about the future of car computers, V2V integration, and self-driving capabilities needs to be opened up by manufacturers and security experts.

About this Blog

The TrustPoint Innovation Blog covers security industry topics relating to Certificates, Elliptic Curve Cryptography (ECC), Machine-to-Machine (M2M) Communication, Near Field Communication (NFC), Vehicle-to-Vehicle (V2V) Communication, and more.

Recent Posts