7 creative cases of car hacking

According to a 2019 CNBC report,  two security researchers, or “white hat hackers,” extracted personal data from a wrecked Tesla Model 3. The computers in the car revealed mobile phones and tablets had been paired over 170 times, as well as call logs, calendar entries, email addresses, and 73 navigation locations.

No list of car hacks is complete without this one. In 2015, researchers Charlie Miller and Chris Valasek took remote control of a Jeep Cherokee driven by Wired journalist Andy Greenberg. From a laptop computer 16km (10 miles) away, they were able to control the accelerator, brakes, air conditioning, windshield wipers, and even the radio, eventually “driving” the car into a ditch. The FCA recalled the vehicles and released a security patch for the vulnerability.

A necessary requirement for connected vehicles is the Controller Area Network (CAN). In 2017, Trend Micro researchers exploited a flaw, disabling a car’s airbags, reprograming the infotainment system, tampering with the locking system, and even stealing the vehicle.

A rather creative, disgruntled employee of Texas Auto Center remotely activated the vehicle-immobilization system in over 100 of the company’s vehicles. This triggered the horns and disabled the ignition. The exit interview would have been interesting.

In 2018, researchers Vangelis Stykas and George Lavdanis reported a serious bug in a server run by a US provider of IoT software applications, granting them access to production databases and connected vehicle management systems. In theory, they could have reset passwords, located vehicles, disabled alarms and started the engines.

Utilizing about $600 worth of computing and radio equipment, a team of academic hackers from the Katholieke Universiteit Leuven in Belgium cloned the key fob of a Tesla Model S in 2018. In only two seconds, the researchers wirelessly read signals from a Tesla fob, accessed the cryptographic key, opened the car’s doors, and drove away.

McAfee Advanced Threat Research has been conducting a fascinating study on adversarial machine or “model hacking,” the concept of exploiting weaknesses present in machine learning algorithms to achieve adverse results. Their aim is to identify issues or upcoming problems in an industry – in this case, the automotive industry – where technology is evolving more rapidly than the required security.

Their model hacking involved attacking machine learning image classifier systems used in autonomous vehicles, focusing on causing the misclassification of traffic signs. The autonomous car’s camera saw one sign, but registered it as another – in this case, mistaking a stop sign for a speed limit sign.