Deutsch
English
As a child, I loved Knight Rider (it's OK to laugh), the suntanned hotshot Michael Knight and his wonderful car. K.I.T.T. was equipped with artificial intelligence while my dad's car could only signal when it was out of oil and sometimes, it even "forgot" this feature. We've come a long way since then, engineers are now working on self-driving vehicles and modern cars, stuffed with sensors, are more like driving computers. But what was originally intended for better comfort and safety is turning into a security problem.
Modern cars are supposed to offer comfort, safety, even entertainment and that often requires online connectivity. Automated locking mechanisms, tire pressure sensors and comparable systems all use radio frequencies and don't forget the traffic jam service that constantly needs to stay up to date. If you can connect to your car via Bluetooth or WLAN so can others. Do you have an app for your car that lets you turn on the heat or plan destinations in advance? Shady characters will find this very interesting and they usually come equipped with laptops and all the latest technology.
It's the CAN (Controller Area Network) bus, the part that provides extensive cross-linking for all device controllers, that is frequently at the core of this issue. Once hackers gain access to this nerve center, things get serious. As different systems have to communicate with each other, it's not overly hard to transition from one part, e.g. entertainment, to more vital systems such as the brakes. At least that's what current examples show that stem from scenarios in which the various systems were not effectively separated. And don't forget, even if an attack is not immediately life threatening, there's still a chance that private user data will get stolen. The more features a car provides and the more we use them, the more lucrative potential attacks become.
Even simple comfort features found in so-called keyless systems have serious flaws. These cars use radio signals to detect the proximity of your keys and unlock their doors and ignition once you approach them. Experts (including car thiefs) have come up with a simple trick: While you're waiting, e.g. at the counter in the gas station, a guy happens to stand right next to you with a receiver and transmitter in his pocket that relays the signal to your car. It's then incredibly easy to open and make off with your car without causing scratches or a stir. Put badly: Keyless systems not only make getting into your car easier for you but also for the bad guys.
"Over the air" is another term frequently heard in discussions about modern cars. What sounds like a plane trip is actually software updates delivered to cars via mobile connectivity. It's a great system since it enables modifications to safety relevant systems that become active the moment you start your car, there's no more need to visit a garage. This gives manufacturers a way to respond to software bugs as fast as possible and may render many recalls unnecessary over night. The downside of this feature recently hit Tesla whose S models were attacked by hackers in this way. Tesla reactedm the security hole was fixed but only time can tell how long the fix will hold and how many other manufacturers will ultimately be affected as well.
Car manufacturers apparently need to learn from their mistakes. Officially, every system is safe until proven otherwise. Two specialists recently hacked a Cherokee model from the Fiat Chrysler group using the infotainment system as their entrance point. They were then able to remotely control brakes, acceleration, door locks, air conditioning and windshield wipers. A nightmare for whoever was in the car at that time. Tesla's response was swift, 1.4 million cars were recalled and the security hole got fixed. Thankfully, these were well-meaning hackers that expose security risks for public benefit and don't mean to cause any harm. That won't always be the case!
Yet, the individual risk is currently quite small. It takes a lot of effort to implement these hacks and requires considerable knowledge and resources since every manufacturer uses different security mechanisms. There's simply no universal approach, no common, easily exploitable security flaw that affects all models. But experience shows that criminal minds can manage considerable technical achievements. Drivers can only hope that, while companies take advantage of technological progress, they don't lose sight of potential risks.
And if you're wondering whether the drivers in front of you have just been hacked: Unlikely, they really drive like that.
Author's side note: During my research, I've naturally come across detailed descriptions of how to implement these hacks. I've decided not to include them in this article so that my readers don't get any ideas!
Interesting post considering this is the future of the motor industry. £50000.00 car stolen by £ 50.00 worth of computer equipment.
Great article. Thanks.
This is why this nerd is rapidly turning into a 'luddite' , I drive a 1983 Nissan S12 Silvia, it has some useful features like warning when a headlight or brake light is blown, it has a computer but this just tells the injectors when to squirt and the plugs when to spark. It's totally reliable and has never let me down in 15 years, and has just rolled over 320,000 kms, and the only connectivity it has is to the local broadcast radio stations, one way only.
The vulnerability of your car is only the beginning.
When all of our domestic devices are connected to the "internet of things", once it's been hacked your car will be able to switch off your fridge so that your beer gets warm, overheat your oven so that your dinner is burned and change the programme on your washing machine so that your sweater is ruined.
The future is truly bleak.
Great article Sven, so true ..... the people responsible for producing everything that uses current technology have only done half a job........as your article indacates.....open doors for hackers to 'walk right in, sit right down' and enjoy a free ride.
I have a 2004 sedan in pristine condition, I drive with care, I try to avoid the 'crazies' who ignore the road rules and concentrate 100% on controlling my vehicle when heading to my destination.
Technology has headed toward the realms of insanity, and those pushing it must live in a bubble away from real life, common sense without considering the consequences.
I will not, and have no wish to sit in the belly of a robot on four wheels and eventually lose the ability to manually perform everything I do and every move I make.
If human beings wish to become zombies and control everything they do only by speaking to a robot and pushing buttons I pity them.
Technology will never replace real life experiences, and Virtual Reality in effect is not reality at all, it is Virtual Pretense.
[quote]"An attempt to make something that is not the case appear true."
Far be it from me to demonize technology. I like and make a living through it. But it seems to me that manufacturers seldom question the purpose and safety of their creations.
Instead, they hype every innovation and can’t wait to integrate it into their products.
Thank You Sir. I suppose in order to warn others we potentially give them ideas as well. An unfortunate side effect of good info. Well written article.
Thanks a lot, any time! I also found this topic very interesting even though it has yet to become a burning issue, most likely in the future.
I was aware of these hacks and the potential dangers they impose to the driver and others on the road. It is dificult to make advances in asisting the driver and making the vehicle safer without the use of sofware after all the fuels system breaking etc all rely on a engine management center that is primarly a computer.
I have one of these keyles entry system cars and a few weeks ago I went shopping and left my wife in the car as the car is a hybrid the engine was not running when I left taking the key with me, however the car was running and aparently several lights started to flash but the car continued to run. Why is there not a system to shut the vehicle down when the key is not detected? this could have been an accident wating to happen.
The next point is why can they not install a mobile phone signal blocker when the vehicle is running after all they can detect incomming calls this would potentialy save lives.
Thank You Sir for an excellent article...my son works in "cyber security" & has really opened my eyes to the dangers of the net. I loved "knight rider" too! & whilst my car is 17yr old my brother in law recently bought a new BMW ....crammed full of electronic wizardry,which made me wonder....is the traditional mechanic soon to be a thing of the past??....Your article was a real "eye opener" to the potential threats of "bad people"....THANK YOU.
BMW’s keyless system was also affected according to test results. I’m hoping they’re already working on the issue.
There actually WAS an episode of [I]Knight Rider[/I] where KITT was hacked! It was called [I]Soul Survivor[/I]--S02E08--see? You're not the [I]only Knight Rider[/I] nerd out there! [I]Knight Rider[/I] and [I]Airwolf[/I] were my two favorite shows growing up in the '80s!
But, to quote Matthew Broderick, from a famous '80s movie, [I]WarGames[/I], "I don't believe [I]any[/I] system is [I]totally secure![/I]"
You are absolutely right, shame on me! :)
I also loved Airwolf, it even once made me want to to learn the Cello! I disliked Street Hawk as that series was obviously filmed on a $10 budget. He appeared out of the mist and went straight into it in the next shot…