Car hacking: study shows over 100 models at risk
A new car hacking study showed thieves can disable immobilisers and drive off without a key in models from Volvo, VW, Audi and Fiat
A new study has found that electronic immobilisers used by 26 car manufacturers are vulnerable to hacking, putting many motorists at risk. Currently four out of 10 car thefts in major cities like London involve some form of car hacking.
In light of police reports unable to explain how some cars are stolen, researchers Roel Verdult, Flavio Garcia and Baris Ege began to investigate the nature of vehicle immobilisers – devices that prevent the engine from starting without the correct key.
Immobilisers used in 100 different models from the likes of Volvo, VW, Audi and Fiat – especially models that come with a starter button instead of a key – were found vulnerable to hacking by thieves with access to a computer. The researchers were banned from publishing the report for two years by car manufacturers due to its sensitive nature.
How does immobiliser hacking work?
Since 1995 EU legislation demands that all new cars come standard with an electronic immobiliser. This device only allows the vehicle to start when it is provided the right credentials - but thieves can wirelessly steal all of the information from a car key in seconds.
They are then able to fool the car into thinking the key is present, and drive away as if they had the key.
In other instances, the researchers were able to fake the signal via trial and error and fool the immobiliser into thinking a key exists – in fact, in this test the car was started in under 30 minutes.
The researchers say all of the vehicles tested were compromised because the communication signal can be interpreted and eventually predicted.
While all this requires physical access into the car – the report voiced concerns over the growing threat of car hacking in the industry: “It is surprising that the automotive industry is reluctant to migrate to better transponders considering the cost difference of a better chip (less than £1) in relation to the prices of high-end car models (in excess of £50,000).”
Jeep Cherokee recall over car hacking research
Two US researchers recently contrived to elevate car hacking from an engineering anomaly to a widespread recall issue by wirelessly taking control of a 2014 Jeep Cherokee. They managed to remotely control the car’s air-conditioning, radio and, more worryingly, its brakes and engine.
Attacking the car’s security through an electronic opening in its radio system, Charlie Miller and Chris Valasek sent lines of code wirelessly to the Jeep’s on-board computer. Using just their keyboards, Miller and Valasek fiddled with the Cherokee’s infotainment, before immobilising the Jeep on the side of the road.
The possibility that car hackers with more sinister motives could take control of a car prompted Fiat Chrysler Automobiles to issue a US based 1.4 million vehicle recall for Jeeps, Dodges and Chryslers in an effort update their software systems and prevent the possibility of real car hacking attacks.
The US Federal regulators are now also involved in investigating Fiat Chrysler and the potential security flaws in their vehicles. This and the possibility of the net widening to involve vehicles from other manufacturers has prompted questions over how secure modern cars and their computer systems really are from cyber attacks?
Below, we’ve compiled a detailed breakdown of the car hacking issue looking at how hackers access modern cars and what manufacturers are doing to combat this new threat to car security.
Is your car at risk from the car hackers?
While the media storm surrounding Fiat Chrysler’s car hacking vulnarabilities is centred across the pond, UK motorists could be at similar risk of being targeted by delinquent tech experts.
Rumours of remote attacks on the computer systems within our vehicles have circled the automotive industry for years, but as modern cars feature more and more wireless connections, Bluetooth accessibility and other routes of electronic entry, the risks of car hacking attacks are only likely to increase.
Miller and Valasek reveal that most cars are hacked by accessing their Electronic Control Units (ECUs). All modern cars contain ECUs that control everything from infotainment to the ABS system. ECUs work together as a network – where one influences the other, and alter their functions in different driving modes.
The number of ECUs in modern cars ranges from 20 to 100, which in effect means 100 different points of access for potential car hackers.
Accessing ECUs can now be done wirelessly, either through Bluetooth or even DAB radio connections, but assuming physical control of a car requires more than just a point of entry.
A common attack consists of the hacker sending a line of code that allows them to listen to the ECU – observing your driving patterns and choices of radio station, for example. To actually control the vehicle, however, the attackers would need to get one ECU to interact with others – thus influencing the system.
To control the safety critical ECUs such as the ABS, Miller and Valasek point out that “the attackers will have to somehow get messages bridged from the network compromised ECU to the network where the target ECU lives.”
This is basically the method through which the US researchers were able to control the Cherokee’s brakes by accessing its DAB radio. Their report explains that; “after the attacker has wirelessly compromised an ECU and acquired the ability to send messages to a desired target ECU, the attacker may communicate with safety critical ECUs.”
It is this latter stage of the successful hack, establishing a bridge of communications from one ECU to the next, wirelessly, that has caught auto manufacturers by surprise. Fiat Chrysler identified a potential threat to their non-critical vehicle safety systems as early as January 2014, but failed to acknowledge that hackers could use it to establish a bridge from one ECU to another and thus assume controls of safety critical systems.
In their research of 21 different vehicles, Miller and Valasek identified tyre pressure monitors and remote keyless entry systems as the most susceptible routes of entry from which to access safety critical ECUs.
What are manufacturers doing about car hacking?
It’s not all doom and gloom for the modern day motorist where the car hacking threat is concerned. Manufacturers are working on establishing more secure systems and networks for their cars.
Fiat Chrysler are looking to patch up their software to prevent further attacks, and while the attack on the Jeep Cherokee stirred a commotion, the men behind it point out that it required time, money and resources, all in abundant quantities, to pull off.
Manufacturers also continue to work with tech experts to highlight potential bugs in the network, and fund research to establish better security systems for their wireless systems.
It’s also worth pointing out that each manufacturer has its own data and computer systems in its vehicles that the hackers will need to overcome. Just because one car has been compromised by hackers it does not mean that all models are vulnerable to the same attack.
Which cars are most and least vulnerable to car hackers?
To account for this difference in computer systems across the car industry, Miller and Valasek tested 21 cars and found some of the most popular makes and models in the UK differ significantly in their cyber security. Some of the best and worst performing models are listed below…
Difficult cars to hack
- 2014 Audi A8
- 2014 Honda Accord
- 2010 Range Rover Sport
Easy cars to hack
- 2014 Jeep Cherokee
- 2014 Toyota Prius
- 2014 Infiniti Q50
Have you been a victim of electrionic car crime? Tell us about it in the comments section below...