Advertisement

Car hacking: study shows over 100 models at risk

A new car hacking study showed thieves can disable immobilisers and drive off without a key in models from Volvo, VW, Audi and Fiat

Laptop

A new study has found that electronic immobilisers used by 26 car manufacturers are vulnerable to hacking, putting many motorists at risk. Currently four out of 10 car thefts in major cities like London involve some form of car hacking.

In light of police reports unable to explain how some cars are stolen, researchers Roel Verdult, Flavio Garcia and Baris Ege began to investigate the nature of vehicle immobilisers – devices that prevent the engine from starting without the correct key.

Advertisement - Article continues below

Immobilisers used in 100 different models from the likes of Volvo, VW, Audi and Fiat – especially models that come with a starter button instead of a key – were found vulnerable to hacking by thieves with access to a computer. The researchers were banned from publishing the report for two years by car manufacturers due to its sensitive nature.

How does immobiliser hacking work?

Since 1995 EU legislation demands that all new cars come standard with an electronic immobiliser. This device only allows the vehicle to start when it is provided the right credentials - but thieves can wirelessly steal all of the information from a car key in seconds.

Advertisement
Advertisement - Article continues below

They are then able to fool the car into thinking the key is present, and drive away as if they had the key.

In other instances, the researchers were able to fake the signal via trial and error and fool the immobiliser into thinking a key exists – in fact, in this test the car was started in under 30 minutes. 

Advertisement - Article continues below

The researchers say all of the vehicles tested were compromised because the communication signal can be interpreted and eventually predicted.

While all this requires physical access into the car – the report voiced concerns over the growing threat of car hacking in the industry: “It is surprising that the automotive industry is reluctant to migrate to better transponders considering the cost difference of a better chip (less than £1) in relation to the prices of high-end car models (in excess of £50,000).”

Jeep Cherokee recall over car hacking research

Two US researchers recently contrived to elevate car hacking from an engineering anomaly to a widespread recall issue by wirelessly taking control of a 2014 Jeep Cherokee. They managed to remotely control the car’s air-conditioning, radio and, more worryingly, its brakes and engine.

Attacking the car’s security through an electronic opening in its radio system, Charlie Miller and Chris Valasek sent lines of code wirelessly to the Jeep’s on-board computer. Using just their keyboards, Miller and Valasek fiddled with the Cherokee’s infotainment, before immobilising the Jeep on the side of the road.

Advertisement - Article continues below
Advertisement
Advertisement - Article continues below

• Keyless car crime on the up as hackers clone keys

The possibility that car hackers with more sinister motives could take control of a car prompted Fiat Chrysler Automobiles to issue a US based 1.4 million vehicle recall for Jeeps, Dodges and Chryslers in an effort update their software systems and prevent the possibility of real car hacking attacks.

Car key theft

The US Federal regulators are now also involved in investigating Fiat Chrysler and the potential security flaws in their vehicles. This and the possibility of the net widening to involve vehicles from other manufacturers has prompted questions over how secure modern cars and their computer systems really are from cyber attacks?

Below, we’ve compiled a detailed breakdown of the car hacking issue looking at how hackers access modern cars and what manufacturers are doing to combat this new threat to car security.

Is your car at risk from the car hackers?

While the media storm surrounding Fiat Chrysler’s car hacking vulnarabilities is centred across the pond, UK motorists could be at similar risk of being targeted by delinquent tech experts. 

Advertisement - Article continues below

Rumours of remote attacks on the computer systems within our vehicles have circled the automotive industry for years, but as modern cars feature more and more wireless connections, Bluetooth accessibility and other routes of electronic entry, the risks of car hacking attacks are only likely to increase.

Advertisement
Advertisement - Article continues below

Modern cars at serious risk from computer hackers

Miller and Valasek reveal that most cars are hacked by accessing their Electronic Control Units (ECUs). All modern cars contain ECUs that control everything from infotainment to the ABS system. ECUs work together as a network – where one influences the other, and alter their functions in different driving modes. 

DAB radio

The number of ECUs in modern cars ranges from 20 to 100, which in effect means 100 different points of access for potential car hackers.

Accessing ECUs can now be done wirelessly, either through Bluetooth or even DAB radio connections, but assuming physical control of a car requires more than just a point of entry. 

Advertisement - Article continues below

A common attack consists of the hacker sending a line of code that allows them to listen to the ECU – observing your driving patterns and choices of radio station, for example. To actually control the vehicle, however, the attackers would need to get one ECU to interact with others – thus influencing the system.

To control the safety critical ECUs such as the ABS, Miller and Valasek point out that “the attackers will have to somehow get messages bridged from the network compromised ECU to the network where the target ECU lives.”

Advertisement
Advertisement - Article continues below

This is basically the method through which the US researchers were able to control the Cherokee’s brakes by accessing its DAB radio. Their report explains that; “after the attacker has wirelessly compromised an ECU and acquired the ability to send messages to a desired target ECU, the attacker may communicate with safety critical ECUs.”

It is this latter stage of the successful hack, establishing a bridge of communications from one ECU to the next, wirelessly, that has caught auto manufacturers by surprise. Fiat Chrysler identified a potential threat to their non-critical vehicle safety systems as early as January 2014, but failed to acknowledge that hackers could use it to establish a bridge from one ECU to another and thus assume controls of safety critical systems. 

Advertisement - Article continues below

In their research of 21 different vehicles, Miller and Valasek identified tyre pressure monitors and remote keyless entry systems as the most susceptible routes of entry from which to access safety critical ECUs.

What are manufacturers doing about car hacking?

It’s not all doom and gloom for the modern day motorist where the car hacking threat is concerned. Manufacturers are working on establishing more secure systems and networks for their cars.

Fiat Chrysler are looking to patch up their software to prevent further attacks, and while the attack on the Jeep Cherokee stirred a commotion, the men behind it point out that it required time, money and resources, all in abundant quantities, to pull off.

Manufacturers also continue to work with tech experts to highlight potential bugs in the network, and fund research to establish better security systems for their wireless systems. 

It’s also worth pointing out that each manufacturer has its own data and computer systems in its vehicles that the hackers will need to overcome. Just because one car has been compromised by hackers it does not mean that all models are vulnerable to the same attack.

Which cars are most and least vulnerable to car hackers?

To account for this difference in computer systems across the car industry, Miller and Valasek tested 21 cars and found some of the most popular makes and models in the UK differ significantly in their cyber security. Some of the best and worst performing models are listed below…

Jeep Cherokee front cornering

Difficult cars to hack

  1. 2014 Audi A8
  2. 2014 Honda Accord
  3. 2010 Range Rover Sport

Easy cars to hack

  1. 2014 Jeep Cherokee
  2. 2014 Toyota Prius
  3. 2014 Infiniti Q50

Have you been a victim of electrionic car crime? Tell us about it in the comments section below...

Advertisement
Advertisement

Recommended

Deaths on UK’s major road network reach eight-year high
Car crash, insurance, write-off, accident
Consumer news

Deaths on UK’s major road network reach eight-year high

Official figures reveal an increase in fatalities on Strategic Road Network, with collisions costing over £1 billion in a year
7 Jul 2020
VED road tax: how much does it cost?
car tax calculator
Consumer news

VED road tax: how much does it cost?

Confused by VED road tax? Our comprehensive guide explains how much you'll pay on your next car
3 Jul 2020
Six-month MoT extension ends on 1 August
Consumer news

Six-month MoT extension ends on 1 August

Department for Transport ends MoT extension on 1 August; cars due an MoT before that date still get extra six months
29 Jun 2020
BMW and Mercedes pause autonomous car partnership
BMW and Mercedes
BMW

BMW and Mercedes pause autonomous car partnership

German firms had previously agreed to work together on Level 4 self-driving systems, plans that have been paused following a "mutual and amicable agre…
19 Jun 2020

Most Popular

Skoda Octavia Estate vs Toyota Corolla Touring Sports
Estates

Skoda Octavia Estate vs Toyota Corolla Touring Sports

Skoda’s new Octavia Estate has moved upmarket. We find out if it’s a better wagon than the Toyota Corolla Touring Sports
4 Jul 2020
New Ineos Grenadier 4x4: prices, specs and video of the Land Rover Defender rival
Ineos Grenadier

New Ineos Grenadier 4x4: prices, specs and video of the Land Rover Defender rival

The Ineos Grenadier will be built in Wales and will use BMW engines, but fuel-cell electrification is also likely in the future
7 Jul 2020
New Skoda Octavia vRS line-up completed as petrol and diesel models arrive
Skoda Octavia vRS Hatchback

New Skoda Octavia vRS line-up completed as petrol and diesel models arrive

Skoda has unwrapped the complete Octavia line-up, which now offers a choice of petrol, diesel or plug-in hybrid powertrains
3 Jul 2020