Modern cars are basically a computer on wheels, so how vulnerable are they to hacking?
The first computer chips were embedded in cars in the late 1960s to manage basic things like fuel injection, but these days electronics control practically every aspect of new vehicles. This means the more complicated and connected your car is, the more potential security vulnerabilities it could have on board.
You’re pretty safe if you’re still driving an old FJ Holden from the analogue days but, before you get too paranoid, it’s important to keep things in perspective.
Admittedly, the impact of someone hacking your car could be life-threatening. But also consider the likelihood of hackers coming specifically after you. Unless you’re seriously at risk of espionage or assassination, you can probably sleep safe at night. If someone wants to spy on you, they’re far more likely to target your computer or smartphone.
Keeping all this in mind, how might hackers target your ride?
How can hackers break into your car?
Some modern cars are always connected to 4G/5G mobile broadband, creating the potential for hackers to access them from afar. Alternatively, attackers might try to physically plug something into your car, or trick you into doing it for them.
They’re helped by the fact that today’s cars feature a Controller Area Network (CAN bus) that allows all the car’s tech systems to talk to each other – so hacking into one system can offer access to all the others.
All modern cars have an internal diagnostic port, with the OBD-II standard introduced in the late 1990s. Beyond just monitoring your car’s performance, it can also act as a gateway to the rest of your car’s technology.
You can buy Bluetooth OBD-II dongles to tap into your car’s diagnostics from your smartphone, but they can also leave the door open for hackers. Security researchers have demonstrated the ability to stop a moving car remotely via a vulnerable Bluetooth OBD-II dongle.
Since the mid 2000s, many new cars have also come with USB and/or memory card slots – either built directly into the car or into the entertainment system. They’re primarily designed for digital music storage, but some can also be used to load software updates for the different systems in your car – again offering hackers a chance to get a foothold.
You might also be able to connect your smartphone via USB, Bluetooth or even onboard Wi-Fi, creating the potential for hackers to attack your car via your phone (or your phone via your car). If your entertainment system includes internet connectivity and a web browser, that’s another way to load malware onto your car.
Hackers are also known to clone key fobs, or boost their signal, in order to unlock cars and start the engine. If you can start your car via a smartphone app, that’s another potential vulnerability.
What could hackers do to your car?
The smarter your car, the more havoc hackers can wreak if they get control. The results can vary from annoying to life-threatening.
In 2015, security researchers hacked into a 2014 Jeep Cherokee via mobile broadband and used Chrysler’s onboard UConnect software to disable the brakes, turn the steering wheel and kill the engine of a moving car.
While that flaw has been patched, it’s an example of the kind of vulnerability that could be lurking in other cars. Earlier this year, hackers at a security conference hacked into a Tesla Model 3’s infotainment system via Bluetooth and took control of the entire car – winning $100,000 and the Model 3 that they managed to compromise.
Instead of running you off the road, hackers might simply lurk while tracking your location and perhaps using the hand-free calling speaker to listen to your conversations.