How to hack into a car and why the industry is nervous about it
A lot of research has gone into protecting online bank accounts, cell phones, home computers, and more. Almost none has gone into automotive electronics, even in today's emerging age of the connected car. Researchers at the University of California, San Diego succeeded in infiltrating automotive computer systems that are standard in every new car, truck, and minivan. Their research was backed by similar hacks done by a researcher at the University of Washington.
They showed that not only could they break into the electronics of today's vehicles easily, but they could do it remotely. They weren't just gaining access to controls for the radio or the headlights either. They were able to activate brakes, turn off engines, lock and unlock doors, and more. All potentially serious safety hazards should they be used nefariously.
Early research by the scientists required physical access to the car and its computer diagnostic port, so it was not concerning. Their latest study, presented in August 2011, however, showed how they were able to remotely gain access through common Bluetooth, telematics cell connections (such as GM's OnStar system), and the computers used by mechanics during diagnostics. All three of these did not require the hacker to have physical access to the car and two of them could be done at any time.
In response to the research and the gasps of concern from automakers, SAE International has formed a committee to draft new standards for security measures in automotive electronic systems. SAE, North America's largest automotive trade group and industry guideline provider, says that the committee formed in March of 2011 and will likely have draft recommendations for the SAE's annual meeting this year.
For its part, the U.S. Department of Transportation says that they're working on revising their own testing procedures for automotive electronics and will likely have new regulations for them in coming years.
Both General Motors and Ford have said that they are internally implementing security precautions in their vehicle's systems, but have cited security concerns when asked to elaborate on what those precautions are.
The worries the automotive industry is seeing with its more connected vehicles and their electronic vulnerabilities are similar to what has happened before, multiple times, in many electronics markets. Mobile phones, when first introduced, had almost no security and those with the know-how could easily tap into a phone remotely and listen to conversations or download contact lists. Today, encryption and hack proofing are standard. The same happened when the Internet was publicly introduced, when mobile banking entered the scene, and more.
Earlier research in Japan and by automakers themselves showed exploits that could be used to gain access to vehicles and even start them without a key using keyless entry systems and other now-common devices. Security designers quickly responded with better standards and new technologies.
Will cars ever be totally secure? Probably not. As with other electronics, the innovation and upgrades usually happen faster than security measures can keep pace, so vulnerabilities will always exist. Add to that the ingenuity of people who are intent on breaking those systems and nothing can be considered 100% secure. Still, standards will help minimize risks and keep all but the most concerted attacks from being successful.