Camera films a car
#Connectivity & IoT

7 creative cases of car hacking

Listicle
6 Mins.

Since connected cars first originated in 1996 with the introduction of the General Motors OnStar safety system, researchers and hackers have devised ingenious ways to break into the systems and wreak havoc. Here are some examples.

  1. Tesla targeted

    According to a 2019 CNBC report,  two security researchers, or “white hat hackers,” extracted personal data from a wrecked Tesla Model 3. The computers in the car revealed mobile phones and tablets had been paired over 170 times, as well as call logs, calendar entries, email addresses, and 73 navigation locations.

  2. The hack heard around the world

    No list of car hacks is complete without this one. In 2015, researchers Charlie Miller and Chris Valasek took remote control of a Jeep Cherokee driven by Wired journalist Andy Greenberg. From a laptop computer 16km (10 miles) away, they were able to control the accelerator, brakes, air conditioning, windshield wipers, and even the radio, eventually “driving” the car into a ditch. The FCA recalled the vehicles and released a security patch for the vulnerability.

  3. Car hacking CANdo

    A necessary requirement for connected vehicles is the Controller Area Network (CAN). In 2017, Trend Micro researchers exploited a flaw, disabling a car’s airbags, reprograming the infotainment system, tampering with the locking system, and even stealing the vehicle.

  4. One hundred honking horns hack

    A rather creative, disgruntled employee of Texas Auto Center remotely activated the vehicle-immobilization system in over 100 of the company’s vehicles. This triggered the horns and disabled the ignition. The exit interview would have been interesting.

    A man has a mobile in his hand which is connected with his car
    Technology in the automotive industry is evolving more rapidly than the security that’s required to keep hackers at bay
  5. IoT – internet of thieves

    In 2018, researchers Vangelis Stykas and George Lavdanis reported a serious bug in a server run by a US provider of IoT software applications, granting them access to production databases and connected vehicle management systems. In theory, they could have reset passwords, located vehicles, disabled alarms and started the engines.

  6. Fobbing off car security in two seconds

    Utilizing about $600 worth of computing and radio equipment, a team of academic hackers from the Katholieke Universiteit Leuven in Belgium cloned the key fob of a Tesla Model S in 2018. In only two seconds, the researchers wirelessly read signals from a Tesla fob, accessed the cryptographic key, opened the car’s doors, and drove away.

  7. One for the road

    McAfee Advanced Threat Research has been conducting a fascinating study on adversarial machine or “model hacking,” the concept of exploiting weaknesses present in machine learning algorithms to achieve adverse results. Their aim is to identify issues or upcoming problems in an industry – in this case, the automotive industry – where technology is evolving more rapidly than the required security.

    Their model hacking involved attacking machine learning image classifier systems used in autonomous vehicles, focusing on causing the misclassification of traffic signs. The autonomous car’s camera saw one sign, but registered it as another – in this case, mistaking a stop sign for a speed limit sign.

These attacks may sound alarming, but in most cases they are made by “white-hat hackers.” These hackers don’t intend to damage or blackmail the automotive industry: their intention is to reveal weaknesses and provide an opportunity to remove them. Before these weaknesses are made public, carmakers are therefore usually informed so they are able to prepare updates.

Modern cars are complex systems; the possibilities of communication are good as well as bad. This connectivity opens the door for new attacks, but it also helps to secure cars and make them even safer – for example, via eCall. The battle between attackers and carmakers won’t end soon, but cars will become much more robust over time.

Meanwhile, smart card products have been getting ever stronger over the decades. Besides helping to make communication safer – especially because they can be managed over the air – they can also help to secure other use cases in cars, such as digital-car-key (DCK), and vehicle-to-everything (V2X) communication.

Published: 19/05/2020

Share this article