Not too long ago, securing a car meant popping the faceplate off the CD player, slapping a Club over the steering wheel, and locking the doors. As vehicles’ electronic systems evolve, however, automobiles are starting to require the same protection as laptop computers and e-commerce servers.
Currently, there’s nothing to stop anyone with malicious intent and some *computer-programming skills from taking command of your vehicle. After gaining access, a hacker could control everything from which song plays on the radio to whether the brakes work.
While there are no reported cases of cars being maliciously hacked in the real world, in 2010, researchers affiliated with the Center for Automotive Embedded Systems Security (CAESS—a partnership between the University of California San Diego and the University of Washington) demonstrated how to take over all of a car’s vital systems by plugging a device into the OBD-II port under the dashboard.
It gets worse. In a paper that’s due to be published later this year, those same researchers remotely take control of an unnamed vehicle through its telematics system. They also demonstrate that it’s theoretically possible to hack a car with malware embedded in an MP3 and with code transmitted over a Wi-Fi connection.
Such breaches are possible because the dozens of independently operating computers on modern vehicles are all connected through an in-car communications network known as a controller-area-network bus, or CAN bus.
Even though vital systems such as the throttle, brakes, and steering are on a separate part of the network that’s not directly connected to less secure infotainment and diagnostic systems, the two networks are so entwined that an entire car can be hacked if any single component is breached.
So the possibility now exists for platoons of cars to go rogue at the command of computer-savvy terrorists, crazed exes, and parking attendants with Ph.D.s in computer science. But the truth is that hacking a car takes a lot of time, effort, and money—three resources automakers are using to fight back.
At Chrysler, where optional infotainment systems are integrated with hard drives and mobile internet hot spots, company spokesman Vince Muniga says a data breach of an individual automobile is “highly unlikely.” That doesn’t mean the company is ignoring the problem. “It’s an ongoing engineering issue,” he says. “You want to stay one step ahead of what these guys might do.” Rich Strader, Ford’s director of information technology security and strategy, says the automaker has been steadily strengthening in-vehicle systems, but the threat is always evolving. He says the difficulty with security is that “you can’t honestly say something is impossible.”
Presently, automakers are beginning to take steps to secure networks the same way the information-technology sector now locks down corporate servers. “Just like the internet in its early days, car networks don’t employ very much security,” says Brad Hein, a programmer who accessed vehicle data from his 2006 Chevy Impala on an Android phone using code he’d written. “As more people start to access car networks,” Hein says, “I expect that the auto industry will start beefing up the security.”
That’s certainly happening at OnStar, the telematics system that’s already in more than 6 million vehicles. Eric Gassenfeit, OnStar’s chief information security officer, says his team has seen resources and staff grow “by an order of magnitude” over the past two years.
So the battle between the hackers and the carmakers is on. Here are your car’s most vulnerable entry points and what automakers are doing to protect them:
A car’s telematics system, which can notify police in the event of a crash, remotely disable a stolen vehicle, and offer diagnostic information to customers, can also interface with multiple vehicle systems. Therefore, after gaining access to the telematics system, it’s possible to control the systems connected to the CAN bus. A hacker could, for example, disable a car’s ignition the same way an anti-theft system would.
To demonstrate this kind of hack, researchers had to master and reverse-engineer an entire telematics system. Still, forward-looking automakers are already beefing up the security of external communications and in-car networks. OnStar, for example, has a “white list” of approved computers that are allowed to connect with cars.
Naughty boy. You downloaded your Odd Future tunes from an unauthorized file-sharing service. Little did you know that version of Goblin contains code that battles its way to your car’s CAN bus and disables your brakes.
As infotainment systems gain functionality, carmakers are shielding them from more vital components without jeopardizing vehicle integration. “We harden all our safety-critical systems,” says OnStar’s security chief Gassenfeit. GM’s newer cars, such as the 2011 Chevy Volt, verify any data sent between two systems the same way online retailers process credit cards.
Just as smartphone manufacturers have app stores in which thousands of programs developed by third-party companies are available for download, carmakers are expanding their infotainment offerings through downloadable software. If a rogue app contains malware or a virus, however, it can infect your car without your knowledge.
Carmakers are very strict in selecting which apps make it onto their systems. Ford’s MyFord Touch and Toyota’s Entune allow only a handful of preapproved programs, while GM’s MyLink goes so far as to route all software through remote servers so that users won’t inadvertently install infected apps on their cars.
The researchers at CAESS wrote a program that searched for and exploited vulnerable communications points where vehicle systems interface. They installed that program onto the car’s CAN bus through the OBD-II port. Once on the network, the program could control every system from the windshield wipers to the brakes. This is the most direct way to hack a car, as it sends code directly to the CAN bus.
Until recently, most of the data sent among vehicle systems had not been encrypted, leaving cars wide open for enterprising hackers. Now, carmakers are starting to adopt routine security protocols from the information-technology field, such as protecting files with digital signatures. “What’s pretty much standard IT is now being applied to the automotive sector,” says Gassenfeit.
In most modern cars, the power-locking mechanism is connected to other vehicle systems so that doors can lock automatically when a car is put into drive and unlock if the airbags have been deployed or the keys are locked inside. That interconnectivity, theoretically, means that the locking mechanism can be breached to access other systems. If accelerating can engage a car’s power locks, a skilled hacker could use the power locks to force that car to accelerate.
Infotainment and onboard diagnostic systems are still linked by a physical connection to the module that controls functions such as steering and braking, but on some systems, such as Ford’s, that connection goes only one way. “The only thing we allow is for the real-time module to send messages in one direction,” says Ford’s Strader.
It sounds like one of those warnings that shows up in chain e-mails every few months, except it’s true. A wireless key fob is supposed to unlock and/or start the car only when the person holding the key-fob is directly next to the vehicle or already sitting inside. However, Swiss researchers have found a way to intercept and extend the signal up to 30 feet with parts that cost less than $100. The setup doesn’t replicate the signal—it just extends its range so the car thinks the key fob is closer than it actually is.
There’s not much a car manufacturer can do here. These hackers haven’t broken the key fobs’ encryption in any way—they’ve just extended its range with a radio repeater. So keep an eye out for anyone loitering in a parking lot and holding a homemade antenna.