Computer says ‘go’: is your car in danger of being hacked?

Published: 19 August 2016

► Specialists raise concerns about security
► Remote control of key functions possible
► Keen to see manufacturers act earlier

Connecting your car to a smartphone or the internet can bring many benefits, whether that’s the ability to check how much fuel is in it from the sofa to alerting you to traffic on your morning commute. 

But it also gives hackers a doorway into your vehicle – an ability to get inside its systems and in extreme cases, like 2015’s infamous Jeep hacking, remotely control its functions.  

Global cybersecurity specialists IOActive, the group responsible for discovering the Jeep hack, says it has dedicated five times as many hours of research into this area in 2015 as it did just two years previously. However, the manufacturer response has been less than convincing.

How worried should I be about car hacking?

Only a little – but it’s worth bearing in mind a few key things. In March the FBI released advice suggesting owners keep their car’s software up-to-date, and to be aware of who has physical access to it, much like a smartphone or laptop. 

A report published by IOActive collating three years’ worth of data has highlighted a number of what it calls ‘hair-on-fire vulnerabilities’ for connected cars. Corey Thuen, senior security consultant at IOActive, said: ‘The days when a rogue street urchin wielding a coat hanger was the main threat to vehicle security are long gone. Manufacturers really need to wake up to the risks they face in the new connected world.’

What kind of situations could arise if someone hacked my car?

Half of the problems discovered could result in complete or partial loss of control of a vehicle, and 71% could be exploited without much difficulty for an expert attacker. Nearly a fifth, however, had no impact at all. IOActive highlighted a number of routes in for hackers, ranging from Bluetooth and Wi-Fi to on-board diagnostic equipment and companion apps, like those released by manufacturers to help you find your car or keep an eye on upcoming services. 

What are the solutions?

While many weaknesses could be fixed with a simple patch or update, some problems such as those stemming from the vehicle’s design may only be fixable by a recall. 

Thuen added: ‘The majority of cybersecurity vulnerabilities are not solvable using bolt-on solutions, instead relying on sound engineering, software development practices, and cybersecurity best practices. 

‘Failing to address security at the early development stages could be very costly in the long-run, leading to loss of consumer confidence or even product recalls – a situation that some vehicle manufacturers would find hard to recover from.’

Read more CAR tech news and features here

By Adam Binnie

Bauer Automotive's new cars editor; likes bikes and burgers, often over-tyred