Drivers of tricked-out, hyper-connected vehicles like Chrysler’s 2014 Jeep Cherokee, Nissan’s 2014 Infiniti Q50, and GM’s 2015 Cadillac Escalade may be unsettled to learn that they’re cruising around in some of the most hackable automobiles on the roadways.
For those whose chariot of choice is a Dodge Viper, Audi A8, or Honda Accord, on the other hand—never fear, your Internets are probably safe.
That’s the message security researchers Charlie Miller and Chris Valasek are spreading at this week’s Black Hat conference in Las Vegas, where the pair are presenting their latest report on vulnerabilities discovered in the in-vehicle computing systems which make modern cars tick.
Miller and Valasek recently spoke with Information Week’s Dark Reading blog to discuss their findings.
Unsurprisingly, the pair found that modern vehicles with the most complex, interconnected network and computing systems were the easiest to hack. A car like the Infiniti Q50 “would be the easiest of all to hack,” Miller and Valasek told Dark Reading, “because its telematics, Bluetooth, and radio functions all run on the same network as the car’s engine and braking systems, for instance, making it easier for an attacker to gain control of the car’s computerized physical operations.”
Other modern cars like the Audi A8, which the researchers called the “least hackable” vehicle among those they reviewed, don’t feature connections between their “network-accessible potential attack surfaces [and their] physical components such as steering,” Miller told the tech blog.
That’s the potential dilemma for today’s consumers—get the car with state-of-the-art, automated navigation and driving systems, and you may be buying a rolling honeypot for hackers.
Of course, as with recent reports on the hackability of airplanes, the fears over modern cars getting taken over by malicious actors—and presumably driven off a cliff or into head-on traffic or something equally awful—haven’t been matched by any such incidents on our real life roads, as far as we can tell.
Part of the reason for that may be that it’s long been believed that a hacker would have to be in very close proximity to a vehicle to take over its systems. That’s tough to do when your quarry is literally a moving target. But Miller and Valasek said close-range attacks are not necessarily the only ways cars can be taken over these days.
“Some attacks would require the attacker to be within a few meters of the targeted car, but telematics-borne attacks could occur from much farther away,” possibly breaking in through a car’s wireless-enabled radio to take over its steering or other driving systems, Dark Reading cited the researchers as saying.
