Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Autos

Can your car be hacked?

In theory, given the proliferation of computer-controlled systems within automobiles, newer cars are subject to hacking.  As with tablet, laptop, notebook and desktop computers, unscrupulous evil-doers could wreak havoc with the well-being of you and your vehicle.  But they probably won’t.

Andy Greenberg, of Forbes magazine, recently got a sample of the potential mayhem while he was in the driver’s seat.

Computer programmers Charlie Miller and Chris Valasek are out to prove that the risk is inherent in any vehicle dependant on computer commands.  They are conducting their studies through a large grant, and hope their efforts will induce the auto manufacturers to supply added effort to reduce the threat.

Of course, car makers ARE aware of such potential malicious attacks and have already taken some steps to avert them.  Miller and Valasek simply wish to make real-world demonstrations so manufacturers address the situation even more seriously.  They feel that just as home computers had vulnerabilities in the 1990s, the latest computerized vehicle functions could be hacked.

So when Greenberg stomped on the brakes of the 3,500-pound SUV demonstration vehicle with no effect, he became anxious.  It happened because two delighted hackers were in the back seat using a laptop to mess with the anti-lock brake system.

That day, with all of this happening at less than 5 mph, the tester merely plowed into some high weeds growing in the abandoned parking lot of a South Bend, Indiana strip mall that the programmers chose as the testing grounds for the day’s experiments.

“Okay, now your brakes work again,” Miller said, tapping on a beat-up MacBook connected by a cable to an inconspicuous data port near the parking brake.  After the brake scare, the pair of tricksters also made the horn honk repeatedly, turned the steering wheel and even tightened the seatbelts.

But such deviousness is unlikely at the moment.  The intrusion by these geeks was gained by tediously disassembling the test vehicle to attain access to its control systems.  However, the pair claims that remote wireless access to computers is already an established threat, and the things they are showing could also be accomplished that way.

“That way” (remote wireless) is not as likely, though, since auto manufacturers are installing firewalls to ward off potential attacks.  Still, our experience with home and business computers shows that each new security update breeds a new hacker’s attempt to get around it.  That’s why Miller and Valasek are exposing weaknesses now.

Other studies have shown that Wi-Fi networks such as General Motor’s OnStar, Toyota’s SafetyConnect and Ford’s SYNC could act as wireless links enabling unwanted intrusion to vehicle control systems. “Academics have shown you can get remote code execution,” says Valasek, using hacker jargon for the ability to start running commands on a system. “We showed you can do a lot of crazy things once you’re inside.”

No one wants to have their brakes disabled, have them applied at freeway speed, or have the steering wheel suddenly jerked from their grip.  That is exactly why these programmers are undergoing their “carhacking” experiments.

As cars approach Google’s dream of passenger-carrying robots, more of their capabilities also become potentially hackable.  Miller and Valasek exploited Toyota’s and Ford’s self-parking functions, for instance, to hijack their vehicles’ steering.  A car like the 2014 Mercedes Benz S-Class, which can negotiate stop-and-go traffic or follow a leader without input, may offer a hacker even more points of attack, says Gartner Group analyst Thilo Koslowski.  “The less the driver is involved, the more potential for failure when bad people are tampering with it,” he says.

In the meantime, the devil’s advocate duo argue that the best way to pressure car companies to secure their products is to show exactly what can be done with a multi-ton missile on wheels. They believe it’s better to experience the panic of a digitally hijacked SUV now than when a more malicious attacker is in control.

The probability of “carhacking” may be low right now, but I agree that bringing potential problems to the attention of manufacturers and consumers is beneficial to assuring that those problems never materialize.

Readers may contact Bill Love via e-mail at precisiondriving@spokesman.com.