is your car vulnerable to hackers? - one way car alarm
How vulnerable is your car to hackers?
After Wired magazine recorded a staged incident in which hackers remotely disabled Jeep SUVs, the problem became more urgent, causing the unlucky reporter driver to be trapped in the ditch.
The simple answer is that modern cars have matured in the chaos of the Internet.
Cars have become smartphones on wheels. -
Huge rolling cage for software code that controls brakes, steering and propulsion, not to mention radio, weather apps and air conditioning.
But some cars are more likely to get hacked.
Bait than others
Wired hackers Charlie Miller and Chris varasker targeted 2014 Jeep Cherokee because they used to think it was the easiest to hack, according to a survey of more than 20 different models.
Other vehicles that they consider particularly vulnerable include Toyota's 2014 Infiniti Q50 and Toyota Prius, GM's 2015 Cadillac kailade, 2014 Ford Fusion, 2014 BMW X3 and i12, and 2014 Range Rover Evoque.
The cars that are most vulnerable to hacking are one of the newest vehicles on the road, usually only those with Internet connections, map features, or infotainment systems.
Research by Miller and varasker and interviews with analysts show that the most troublesome cars are Internet systems that embed infotainment systems and connect with other networks on the car, such as brakes and propulsion devices.
The "least easy to use" cars they surveyed were 2014 Dodge Vipers, 2014 Audi A8 and 2014 Honda Accord.
On February, cbs's 60 Minutes showed how GM was hacked through its OnStar connection system.
The test was conducted with a researcher from the United States. S.
The United States Department of Defense's Senior Research Planning Agency (DARPA) is working to find ways to eliminate threats.
"Everything can be cracked," said Thilo Kosloski, head of Gartner automotive practice group . ".
But remember that the word firewall was invented by the automotive industry.
Now they need to apply it to bits and bytes.
"Internet access is like a personal computer. cars can't completely block digital intrusion.
A key step is to ensure that communication networks like brakes and accelerated people are not accessible via the Internet.
"It violates some very basic and known best practices," said Steve manzuk, director of security research at Duo security, whose investors include Google.
"It is this approach that makes it possible to attack like a Jeep example.
"Wired hackers accessed their Jeep Cherokee remotely by penetrating its UConnect infotainment system and reprogramming the vehicle.
For industry observers who had previously questioned whether hackers could penetrate into the vehicle system without a wired connection in the cabin, this was shocking.
"It's hard to do it, but it can be disturbing," said Matt Clements, security solutions architect at Arxan Technologies . ".
According to Frost & Sullivan, there are about 16 "clear attack points" for ordinary modern cars ".
These include routes that are not very obvious to the average driver. -
For example, a seemingly harmless tire
Pressure Monitoring System.
The good news: hackers have not shown much interest in cars yet.
There has never been a documented incident in which hackers caused accidents on the road.
First, there are very few financial motives for attacking vehicles.
Hackers can focus on computers and mobile devices to steal financial information.
Cars don't usually store too much personal data.
But complex hackers just want to create confusion and can cause some damage.
"It's getting closer to where you can say it could be a malicious hacker," said Richard Wallace, director of transportation systems analysis at the automotive research center.
Ford Motor said they have invested heavily in research and development and information sharing to improve vehicle network security.
For example, GM hired a chief product network security officer, Jeff Massimilla, in 2014.
Ford said it was "starting from the beginning" to incorporate the principles of cybersecurity into the design of the product development process.
"We don't know anything about the penetration or damage of Ford cars at the scene," Ford said . ".
A few weeks before the release of Wired, automakers representing 98% vehicles on the road have agreed to join a new consortium called the car information sharing Consulting Center (ISAC)
This will allow manufacturers to violate the-trust laws.
"They are equipped with a lot of very good software engineers, or they are working with software companies that are already ahead of this," says Jon Allen Hamilton network expert and consultant for the ISAC project.
Still, some lawmakers in Washington are unhappy with the industry's online response. U. S. Sen. Edward Markey (D-Mass. )and U. S. Sen.
Richard Blumenthal (D-Conn. )
Launched long on Tuesday-in-the-
Develop legislation that requires federal regulators to develop cybersecurity standards and ratings for automakers.
Earlier, Mr. Ma released a report in February accusing the auto industry of "a clear lack of appropriate security measures to protect drivers from hacking ". ".
"It's clear that elastic network security technology is particularly important as software engineers package cars into code to handle autonomous driving systems.
Analysts expect completely driverless cars to hit the road in the next 10 or 20 years.
Next, driverless cars will have higher bars when computers drive cars. Other semi-
Autonomous technology is already available here.
For example, GM and Tesla have introduced similar features this year to allow luxury cars to drive automatically.
Drive on the road.
"We have all these benefits from this technology, but it also gives control of the vehicle to the computer ---
"These computers may start to be controlled by someone," said Carl Brewer, an analyst at Kelly's Blue Book . ".
One way for automakers to enhance network security is to adopt systems that allow excessive usethe-
Air software update.
Some luxury car manufacturers like Tesla and BMW can already do that.
When BMW found out that it might theoretically allow hackers to open the door with a smartphone, it had air-safety repairs to the car earlier this year. Although over-the-
Experts say air updates could also expose cars to other bugs, a key step in achieving a quick fix.
"They need to be much easier to update their vehicle on a large scale rather than going to the dealer or using a USB stick.
"If it's hard to do it, most people who drive out won't bother to update," says Clements, Arxan security solutions architect . ".
As far as automakers are concerned, they are reluctant to talk publicly about their cyber security efforts.
This is partly because they don't make themselves targets for hackers who are constantly looking for challenges.
But they also don't want to scare customers into believing the problem is serious.
Many consumers choose to avoid products that they think are vulnerable to hacking.
Praveen Narayanan, analyst at Frost & Sullivan, said it was critical that automakers began to consider cybersecurity issues at the beginning of the product design process.
But he urged consumers not to panic.
"Yes, people are getting worried," Narayanan said . ".
"But let's not be too advanced.
All this noise comes from the safe community-a community that wants to do business at the end of the day.
"According to USA Today reporter Nathan Bomey Twitter @ NathanBomey and Mark Dela vein @ marcodelacava.