Skip advert
Advertisement

Car hacking: study shows over 100 models at risk

A new car hacking study showed thieves can disable immobilisers and drive off without a key in models from Volvo, VW, Audi and Fiat

Laptop

A new study has found that electronic immobilisers used by 26 car manufacturers are vulnerable to hacking, putting many motorists at risk. Currently four out of 10 car thefts in major cities like London involve some form of car hacking.

In light of police reports unable to explain how some cars are stolen, researchers Roel Verdult, Flavio Garcia and Baris Ege began to investigate the nature of vehicle immobilisers – devices that prevent the engine from starting without the correct key.

Advertisement - Article continues below

Immobilisers used in 100 different models from the likes of Volvo, VW, Audi and Fiat – especially models that come with a starter button instead of a key – were found vulnerable to hacking by thieves with access to a computer. The researchers were banned from publishing the report for two years by car manufacturers due to its sensitive nature.

How does immobiliser hacking work?

Since 1995 EU legislation demands that all new cars come standard with an electronic immobiliser. This device only allows the vehicle to start when it is provided the right credentials - but thieves can wirelessly steal all of the information from a car key in seconds.

They are then able to fool the car into thinking the key is present, and drive away as if they had the key.

Skip advert
Advertisement
Skip advert
Advertisement - Article continues below

In other instances, the researchers were able to fake the signal via trial and error and fool the immobiliser into thinking a key exists – in fact, in this test the car was started in under 30 minutes. 

The researchers say all of the vehicles tested were compromised because the communication signal can be interpreted and eventually predicted.

While all this requires physical access into the car – the report voiced concerns over the growing threat of car hacking in the industry: “It is surprising that the automotive industry is reluctant to migrate to better transponders considering the cost difference of a better chip (less than £1) in relation to the prices of high-end car models (in excess of £50,000).”

Jeep Cherokee recall over car hacking research

Two US researchers recently contrived to elevate car hacking from an engineering anomaly to a widespread recall issue by wirelessly taking control of a 2014 Jeep Cherokee. They managed to remotely control the car’s air-conditioning, radio and, more worryingly, its brakes and engine.

Advertisement - Article continues below

Attacking the car’s security through an electronic opening in its radio system, Charlie Miller and Chris Valasek sent lines of code wirelessly to the Jeep’s on-board computer. Using just their keyboards, Miller and Valasek fiddled with the Cherokee’s infotainment, before immobilising the Jeep on the side of the road.

Skip advert
Advertisement
Skip advert
Advertisement - Article continues below

• Keyless car crime on the up as hackers clone keys

The possibility that car hackers with more sinister motives could take control of a car prompted Fiat Chrysler Automobiles to issue a US based 1.4 million vehicle recall for Jeeps, Dodges and Chryslers in an effort update their software systems and prevent the possibility of real car hacking attacks.

Car key theft

The US Federal regulators are now also involved in investigating Fiat Chrysler and the potential security flaws in their vehicles. This and the possibility of the net widening to involve vehicles from other manufacturers has prompted questions over how secure modern cars and their computer systems really are from cyber attacks?

Below, we’ve compiled a detailed breakdown of the car hacking issue looking at how hackers access modern cars and what manufacturers are doing to combat this new threat to car security.

Is your car at risk from the car hackers?

While the media storm surrounding Fiat Chrysler’s car hacking vulnarabilities is centred across the pond, UK motorists could be at similar risk of being targeted by delinquent tech experts. 

Advertisement - Article continues below

Rumours of remote attacks on the computer systems within our vehicles have circled the automotive industry for years, but as modern cars feature more and more wireless connections, Bluetooth accessibility and other routes of electronic entry, the risks of car hacking attacks are only likely to increase.

Skip advert
Advertisement
Skip advert
Advertisement - Article continues below

Modern cars at serious risk from computer hackers

Miller and Valasek reveal that most cars are hacked by accessing their Electronic Control Units (ECUs). All modern cars contain ECUs that control everything from infotainment to the ABS system. ECUs work together as a network – where one influences the other, and alter their functions in different driving modes. 

DAB radio

The number of ECUs in modern cars ranges from 20 to 100, which in effect means 100 different points of access for potential car hackers.

Accessing ECUs can now be done wirelessly, either through Bluetooth or even DAB radio connections, but assuming physical control of a car requires more than just a point of entry. 

A common attack consists of the hacker sending a line of code that allows them to listen to the ECU – observing your driving patterns and choices of radio station, for example. To actually control the vehicle, however, the attackers would need to get one ECU to interact with others – thus influencing the system.

Advertisement - Article continues below

To control the safety critical ECUs such as the ABS, Miller and Valasek point out that “the attackers will have to somehow get messages bridged from the network compromised ECU to the network where the target ECU lives.”

Skip advert
Advertisement
Skip advert
Advertisement - Article continues below

This is basically the method through which the US researchers were able to control the Cherokee’s brakes by accessing its DAB radio. Their report explains that; “after the attacker has wirelessly compromised an ECU and acquired the ability to send messages to a desired target ECU, the attacker may communicate with safety critical ECUs.”

It is this latter stage of the successful hack, establishing a bridge of communications from one ECU to the next, wirelessly, that has caught auto manufacturers by surprise. Fiat Chrysler identified a potential threat to their non-critical vehicle safety systems as early as January 2014, but failed to acknowledge that hackers could use it to establish a bridge from one ECU to another and thus assume controls of safety critical systems. 

In their research of 21 different vehicles, Miller and Valasek identified tyre pressure monitors and remote keyless entry systems as the most susceptible routes of entry from which to access safety critical ECUs.

What are manufacturers doing about car hacking?

It’s not all doom and gloom for the modern day motorist where the car hacking threat is concerned. Manufacturers are working on establishing more secure systems and networks for their cars.

Advertisement - Article continues below

Fiat Chrysler are looking to patch up their software to prevent further attacks, and while the attack on the Jeep Cherokee stirred a commotion, the men behind it point out that it required time, money and resources, all in abundant quantities, to pull off.

Manufacturers also continue to work with tech experts to highlight potential bugs in the network, and fund research to establish better security systems for their wireless systems. 

It’s also worth pointing out that each manufacturer has its own data and computer systems in its vehicles that the hackers will need to overcome. Just because one car has been compromised by hackers it does not mean that all models are vulnerable to the same attack.

Which cars are most and least vulnerable to car hackers?

To account for this difference in computer systems across the car industry, Miller and Valasek tested 21 cars and found some of the most popular makes and models in the UK differ significantly in their cyber security. Some of the best and worst performing models are listed below…

Jeep Cherokee front cornering

Difficult cars to hack

  1. 2014 Audi A8
  2. 2014 Honda Accord
  3. 2010 Range Rover Sport

Easy cars to hack

  1. 2014 Jeep Cherokee
  2. 2014 Toyota Prius
  3. 2014 Infiniti Q50

Have you been a victim of electrionic car crime? Tell us about it in the comments section below...

Skip advert
Advertisement
Skip advert
Advertisement

Recommended

UK in pothole peril with 480,000 breakdowns caused by damaged roads in 2024
Pothole

UK in pothole peril with 480,000 breakdowns caused by damaged roads in 2024

There have been roughly 10,000 more pothole-related callouts so far this year, prompting calls to the government to increase road funding
News
7 Oct 2024
Demand for diesel cars grows faster than for EVs
Diesel pump

Demand for diesel cars grows faster than for EVs

The car industry has warned the chancellor that “consumers respond to carrots, not sticks” and “mandates don’t make a market” as EV sales continue to …
News
4 Oct 2024
1 in 5 new 74-plate cars is an EV, as September sees record electric car sales
Tesla Model Y update 2024 - front

1 in 5 new 74-plate cars is an EV, as September sees record electric car sales

Over 56,000 new electric cars hit the road last month, although the UK car industry doubts the sustainability of the discounts on offer
News
4 Oct 2024
EU confirms huge tariffs on Chinese cars of up to 35 per cent
GWM Ora 03

EU confirms huge tariffs on Chinese cars of up to 35 per cent

European politicians vote to protect domestic car makers in spite of trade-war risk
News
4 Oct 2024

Most Popular

Car Deal of the Day: grab the Vauxhall Grandland family SUV for only £169 per month while stocks last
Vauxhall Grandland - front cornering

Car Deal of the Day: grab the Vauxhall Grandland family SUV for only £169 per month while stocks last

Our Deal of the Day for 3 October lets you get a fully loaded family SUV for well under £200 per month
News
3 Oct 2024
New entry-level Tesla Model Y Long Range RWD boasts 373-mile range
Tesla Model Y update 2024 - front

New entry-level Tesla Model Y Long Range RWD boasts 373-mile range

Tesla’s best-selling Model Y electric SUV now costs from £46,990 – exactly £2,000 more than before
News
4 Oct 2024
EVs outlasting ICE cars says Renault boss
Renault Zoe - front tracking

EVs outlasting ICE cars says Renault boss

Electric car batteries are holding up very well against the test of time
News
4 Oct 2024