Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Study names the five most hackable vehicles

Lucas Mearian | Sept. 15, 2015
Intel creates Automotive Security Review Board to look into vehicle cyber threats

"We can, and must, raise the bar against cyberattacks in automobiles," Chris Young, senior vice president and general manager of Intel Security, said in a statement. "Few things are more personal than our safety while on the road, making the ASRB the right idea at the right time."

Today's modern automobile uses between 20 and 70 computers, each with its own specialized use. For example, engine control units oversee a wide array of electronic sensors and actuators that regulate the engine and maintain optimal performance. Vehicle manufacturers use the generic term "electronic control units" (ECUs) to describe the myriad of computers that manage various vehicle functions.

For example, ECUs control vehicle safety functions, such as antilock brakes and proximity alerts. And climate control systems are governed by an ECU that receives temperature data from sensors inside the cabin and use that to adjust air flow, heating and cooling.

Typically, all of a vehicle's computer systems can be accessed over a vehicle's controller area network (CAN) via the radio head unit, a computerized system that runs a car's or truck's communications and entertainment system.

Many of today's modern vehicles can be accessed via cellular, Bluetooth or even WiFi connectivity. While no easy task, once a hacker gains access to the vehicle's head unit, its firmware can be used to compromise the vehicle's CAN, which speaks to all of the ECUs. Then it's just a matter of discovering which CAN messages can control various vehicle functions.

For example, a security researcher recently posted a video on YouTube demonstrating how a device he made could intercept wireless communications to locate, unlock and remotely start GM vehicles that use the OnStar RemoteLink mobile app.

screen shot 2015 09 14 at 1.20.27 pm
PT&C|LWG Forensic Consulting Services The Toyota Prius was seen as vulnerable because of "faulty" software in the car's hybrid-control system.

Another recent hack demonstrated how a 2015 Jeep Cherokee's CAN could be accessed via a cellular connection and everything from steering and braking to seatbelts and the radio could be remotely controlled.

The Jeep Cherokee hackers, security experts Charlie Miller and Chris Valasek, said because of cellular access, hundreds of thousands of vehicles are potentially at risk of being hacked from great distances.

The PT&C|LWG study estimated minimum distances from which a vehicle could be hacked according to the wireless communication protocol it is using.

For example, a passive anti-theft system could be access from 10 meters (33 feet), a radio data system (or radio head unit) could be hacked from 100 meters, a Bluetooth system could be accessed from 10 meters, a smart key from five to 20 meters and a vehicle equipped with Wi-Fi... well, it could be hacked from anywhere there's Internet access.


Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.