You’re driving down the road when suddenly your windscreen wipers turn on automatically and your car starts slowing down without you pressing the brake. Then, you find your brakes don’t work at all. It’s a potentially nightmare situation that’s completely possible.
Researchers have been examining the electronic systems built into every car produced these days, as well as accessories that access the car’s systems. What they found is pretty scary, but is it something you really need to worry about happening to you?
Controlling a car via SMS
At the University of California, San Diego researchers found a security flaw that let them access a car’s systems. They demonstrated their findings at Usenix, a security conference held in Washington DC. In the video below you can watch how they send SMS messages to control the Corvette after hacking in using a security vulnerability.
The vulnerabilities they found weren’t with the car itself though. It turns out that a commonly used device called a dongle is what opened up the car’s systems to hackers. The dongles plug into the car and monitor performance such as fuel efficiency, miles driven and other information. Fleet operators, lorries, and certain insurance companies use them to keep track of their drivers and vehicles.
The particular model examined by the researchers was distributed by a company called Metromile, a US based insurance company. The dongles were shipped in a “developer mode” which left them with very little security and already set up to respond to commands via SMS.
The affected dongles have since been patched according to the manufacturer Mobile Devices. Newer models are said not to be susceptible to hacking. But according to an article in The Guardian, the researchers found thousands of the dongles around the world that were still vulnerable. Similar devices distributed by other companies have had major security issues as well.
Not just dongles
Dongles aren’t the only electronics in cars that can be hacked. According to AutoExpress.co.uk, a recent study of 20 cars showed security was an issue for a number of electronics systems. They looked at things like Bluetooth, Wi-Fi, mobile network connections, key fobs, remote starts, and tyre pressure monitoring systems.
In the study they looked at how each of these types of systems enabled someone to access critical systems such as brakes, seat belts, and steering. They found that in many models of cars they could connect via wireless network and control the systems. In this study, the researchers didn’t use SMS messages though. They accessed the systems directly through the network.
Car theft via hacking
Another study reported on AutoExpress.co.uk looked specifically at security vulnerabilities that allow your car to be stolen by hacking. They commented that 4 out of 10 car thefts in major cities involve hacking.
Most of the hacking involves tricking a car’s immobiliser, a device that is supposed to prevent the car from starting unless the proper key is provided. The most easily compromised systems used start buttons which rely on fobs rather than physical keys.
This type of hacking though usually requires physical contact with the car, so again, SMS messaging alone would not be sufficient for a hacker to steal or control your car. The researchers also pointed out that it takes a lot of resources (money, time, technology) to steal or control cars this way. So it isn’t something you’d expect the average car thief to use.
Even so, auto manufacturers are working to improve security. Some have already issued fixes, and one company in the US issued an official recall (which isn’t done lightly).
So do you need to worry about your car being hacked, via SMS or any other method? Probably not, but if you use a dongle you might want to make sure it’s not one of the compromised models. And most of the cars examined were in the US. The same report that revealed issues with immobilisers also revealed that UK models have different security so they won’t have the same vulnerabilities.
The bottom line is that it takes a lot of work to hack into a car the way the researchers did. The average Brit probably shouldn’t lose any sleep over the idea of theft or of losing control of their car via SMS message or wireless access. But it’s good to stay aware of any patches or recalls to your vehicles, just in case.