18 October 2017 | Igor Ilunin
Smart Car Hacking: A Major Problem For IoT
"If it's a computer and it connects to the outside world, then it is hackable." - Yoni Heilbronn, vice president of marketing at automotive security firm Argus Cyber Security.
The expanding capabilities of smart cars is definitely the most exciting development in the auto industry in decades, as an increasing number of vehicles are connected to IoT to provide a myriad of safety features and services to drivers. However, as is the case with all modern technological advancements, concerns over hackers gaining access to systems have come to the forefront of many people's minds, as compromising the safety and privacy of drivers could have catastrophic results.
The potential ramifications of the malicious exploitation of security vulnerabilities in connected cars is a major problem for IoT, with news stories of hacking interfering with consumer acceptance of the current and future capabilities of vehicles. Although technological advancements in personal transportation are certainly exciting, if there is too much fear of danger amongst consumers, it will prove to be very difficult to achieve mass adoption of smart cars moving forward.
The first widely reported compromise of a smart vehicle occurred in 2015, when security researchers Charlie Miller and Chris Valasek hacked into a 2014 Jeep Cherokee and were able to turn the steering wheel, briefly disable the brakes, and shut down the engine. They also discovered that they could access thousands of other vehicles that were using the wireless entertainment and navigation system called Uconnect, which was common in Dodge, Jeep and Chrysler vehicles. This non-malicious hack prompted Fiat Chrysler to conduct a massive recall of 1.4 million vehicles.
Although the Jeep Cherokee hack was widely reported, it actually wasn't the first successful smart car security breach by any means. Back in 2010 and 2011, researchers from the University of Washington and the University of California at San Diego published papers illustrating vulnerabilities in connected cars that could be compromised by hackers, either remotely or in person. And last year, researchers in Germany released a study showing their ability to unlock and start 24 different vehicles with wireless key fobs by remotely taking over control of the device and amplifying its signal. These researchers claimed that hackers could therefore drive a car away while the wireless key fob was still sitting in the owner's house.
The possibilities are extremely frightening. If hackers can remotely gain access to a vehicle's controls while the owner is driving, could they steer the vehicle into oncoming traffic, or into a building?
Experts agree that these fears are valid, considering the fact that security researchers have successfully taken over control of the critical functions and safety features of vehicles, such as the Jeep Cherokee incident in 2015.
At the same time, automotive manufacturers and transportation companies are well aware of this problem, and appear to be taking it very seriously, hiring a slew of cyber experts in recent years as part of a concerted auto industry effort to greatly increase the strength of security features in cars.
Of course, it's important to remember that even with valid concerns over the unlikely possibility that any particular vehicle will be subject to an attack by a hacker, the safety and convenience benefits of smart cars far outweigh the vulnerabilities, as these new technologies are already making the roads safer for us all.