That 2015 Cadillac Escalade you’ve been coveting is vulnerable to remote hijackers, say hackers Charlie Miller and Chris Valasek, who are presenting “A SURVEY OF REMOTE AUTOMOTIVE ATTACK SURFACES” at this week’s annual Black Hat security conference in Las Vegas.
The increased connectivity of modern cars in the form of integrated Bluetooth and cellular technologies is also increasing their vulnerability to cyber-attacks. The three most vulnerable cars, the 2014 Infiniti Q50, the 2014 Jeep Cherokee, and the 2015 Cadillac Escalade tout features that allow the car to control itself, like auto-braking and power steering, which could be controlled by a hacker with malicious intent.
While it’s highly unlikely that your car will be used in botnets used for spam or DDOS attacks (computers are better for these purposes), VIPs and other dignitaries should be wary of sitting in these types of cars. It’s not much of a stretch to imagine assassins taking over a VIP’s car and then crashing the cars for the ultimate hands-off execution (just like in the movies!).
Fortunately, Miller and Valasek report that as of now, hacking into a car’s computer is all at once difficult, expensive, and time-consuming. The field is still new, and the team that reported the vulnerabilities hasn’t even begun field-testing hacks, as their research so far has been entirely based on publicly available data from the carmakers. And if you really want to drive a modern car and still be safe, the 2014 Honda Accord, the 2014 Audi A8, and the 2014 Dodge Viper are all safe options. These cars keep the vulnerable access points, like the Bluetooth network, separate from the safety critical parts of the car, like braking and acceleration.
As we enter the age of the self-driving car, it’s important to emphasize security so that we don’t trade car fatalities due to human error for fatalities due to cyber-attacks.