Can your car be hacked?
The mainstream press has been filled recently with news of software systems in various cars being hacked. Which naturally raises the question: “Can your car be hacked?”
The answer to that question is, it’s unlikely, but with the strong caveat that it’s not impossible.
The concern first arose back in 2010, when two university researchers gained partial control of a General Motors car via cellular and Bluetooth connections in its OnStar system, prompting GM to develop cybersecurity patches for that system.
This year, two other hackers took over control of a Jeep Cherokee remotely, via a laptop, exploiting a weakness in that vehicle’s Uconnect telematics system.
As a result, Fiat Chrysler issued a recall of 1.4 million vehicles to correct that vulnerability.
Since then, Tesla, considered by some to be closer to the cutting edge of electronics technology than traditional automakers, also proved vulnerable to hackers, who were able to shut down the car when it was being driven at low speed.
Tesla responded by issuing an over-the-air computer update to Model S vehicles in service.
The good news in all those cases is that the people involved were considered “white-hat” hackers.
They shared their exploits with the automakers involved, allowing them to take corrective action.
The bad news is that there were vulnerabilities that could be exploited if they searched hard enough and long enough — two years in one case.
So, the same may be the case for other software and other vehicles.
“Today, an average mid-size vehicle has approximately 40 to 50 individual microprocessor-driven systems, which require approximately 20-plus million lines of code,” this, according to a recent report by KPMG.
“A larger, high-end luxury vehicle might have as many as 100 million lines of code.”
That’s a lot of potential vulnerability.
For that reason, most automakers have stepped up their cybersecurity activities significantly, in some cases adding new departments and staff dedicated to that effort.
It’s the very systems and functions that buyers now demand and expect that make vehicles more susceptible to hacks.
Things like remote access to door locks and climate controls, and the ability to start the vehicle remotely.
Add in a connection to the Internet and the potential for hacking expands exponentially.
Still, there’s the question of why anyone would hack into your car.
What’s the return on the investment of time and intellect applied to such a problem?
Until now, it seems to be just the challenge of doing it; of outsmarting the manufacturers, and in some cases, earning money from them for doing so.
Apart from the sheer mischief value, there seems to be little payback for hacking an individual car. Unless, for example, that car is connected to your phone, which is connected to personal information such as your bank account; the possibilities get scary.
For such reasons, the U.S. National Highway Traffic Safety Administration (NHTSA), has advised the industry to establish cybersecurity standards on its own before government regulation is deemed necessary.
Sounds like good advice!