The auto manufacturing industry unfortunately hasn’t taken the issue as serious as they should. In fact, not even so in the face of an increasing number of demonstrations revealing just how easy it is to hack a car—case in point, the video above.
How easy is it to hack a car remotely? It’s just a matter of exploiting the plug-in trackers auto insurance companies use. Once they’re in, a hacker can send a command to the car to disable the brakes, for example, making any driver’s ultimate nightmare a reality.
The Nuts & Bolts
All modern cars have computer modules installed in them. They are typically located right under the steering wheel, which mechanics use to diagnose and read measurements of your car’s metrics.
This is also where insurance companies typically implement a tracker device that plugs in to the car’s computer to monitor a driver’s on-road behavior, with the promise of lower insurance rates if they drive safely. What makes it easy for a hacker to attack this configuration is the fact that the insurance company’s tracking device utilizes the same mobile cellular network as our phones do to receive text message inputs, requiring little technical background to exploit it.
The text messages are encrypted, but the fact that they are simply just that—text messages—gives hackers the access they need to achieve their goals.
No one man should have all that power.
One major problem with onboard computers is that they are extremely rudimentary and yet they control virtually everything in the modern automobile. If you get access to the CAN (controller area network) you then have control over everything from the steering to the brakes and ignition, not to mention all the tech devices that contain sensitive information like the drivers IP address or phone numbers. This CAN format has remained virtually unchanged since 2007, which gives you an idea of how high up on the priority list these onboard computers are for automakers.
So, what is the auto industry’s response to car hacking hitting the media?
Well, it depends on which company you ask. Tesla is leading the way in this aspect of automobiles as well. With their tech background, they were one the first to understand that aligning themselves with hackers is the only way to defend themselves against them.
Most hackers aren’t the shadowy, evil, and diabolical figure that has become their identity in all movies and TV shows. They are mostly driven by curiosity and the challenge of puzzles or solving riddles. Hackers who aren’t interested in a life of crime and being hated, which is the vast majority, are considered “white hat” hackers, who hack with harmless intentions.
Tesla Motors embraces these white hat hackers by awarding a $10,000 prize to those who find exploits in their cars and helps them patch it before anyone can attempt to do any harm to their vehicles or owners.
Although, not a manufacturer, Uber is another company who has taken a proactive approach to strengthening their company’s security. They have gone as far as hiring hackers to be their lead designers and engineers.
However, surprisingly most major automakers have essentially dismissed these hacking threats and continue to drag their feet when it comes to consumer safety. What will most likely happen is, as with most cases like this, the government will start enacting legislation requiring manufacturers to protect the public. The FTC actually just won a case recently that went after hotels who were not securing their networks, which violates a customer’s right to reasonable privacy.
This provides a good opportunity for the FTC to force the auto industry’s hand in improving the security of their onboard computers, which would be a genuine improvement in the safety of all drivers on the road.
video source: WIRED (Jul 21, 2015) – “Hackers Remotely Kill a Jeep on the Highway—With Me in It”