For years, vehicles have been rolling with computers, and to access them, a repair expert needed to plug into a specialized car port. But with the growing popularity of smartphones, Bluetooth and other Wi-Fi options, there are many more ways for hackers to access a vehicle, explains Dan Chilcott, a research associate with Virginia Tech’s Center for Automated Vehicle Systems. So just how vulnerable are vehicles to being hacked? And will vehicle-to-vehicle communication (V2V) technology open the door to possible attacks?
“We’ve had very powerful computers in cars for years and it hasn’t been a large issue,” he says. “You didn’t have as many access points as you have now with smartphone apps, Bluetooth and other ways of connecting with your vehicle. Because of the additional connectivity, such as being connected with cell networks, the vulnerabilities to hacking has increased.”
He says hackers are finding methods to infiltrate vehicles outside of the government’s V2V platform, which is still under development.
In a widely circulated report regarding a Chrysler Jeep being hacked, Chilcott points out the hacker got in via the radio.
“I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold,” writes Andy Greenberg for Wired. “Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. … Then the windshield wipers turned on, and the wiper fluid blurred the glass.”
Greenberg had volunteered to be a guinea pig, willingly driving the vehicle while the “white hat” hackers Charlie Miller and Chris Valasek attempted to exploit vulnerabilities in the vehicle’s computer system to gain access. And gain access they did … through a security flaw in the Harmon radio.
Just two years earlier, the hackers had done a similar ploy, but this time their laptop had to be connected to the vehicle’s diagnostic port. This is no longer the case. As Greenberg points out, the hack was now wireless.
As a result of the report, Chrysler issued a recall for 1.4 million vehicles, and the National Highway Traffic Safety Administration (NHTSA) opened an investigation into the potential security flaw.
Harman International Industries Inc., the maker of the audio system in the Jeep Cherokee that was hacked remotely, told NHTSA the software vulnerability is not in infotainment systems it supplies to other automakers.
When it comes to smartphone apps, another security flaw has become clear thanks to “white-hat” hacker Samy Kamkar. Kamkar posted a video claiming he has found a way to “locate, unlock and remote-start” vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.
So with all these apparent vulnerabilities, should we be nervous about vehicles that can potentially communicate with each other?
Chilcott says there is no need to be nervous.
“V2V communication works through a secure credential-management system,” he explains. “The only way these radios can communicate is through credentials, and the U.S. Department of Transportation has developed the security for this system. The building block of this system is being worked on. There is a robust amount of information coming in regarding this system from other industries, and it’s being worked on in a very rigorous way.”
NHSTA Administrator Mark Rosekind discussed V2V and also referred to the hacking threat at the Automated Vehicles Symposium.
“Whether for profit or out of sheer malicious intent, we know these systems will become targets for bad actors,” he said in remarks at the conference.
Major automakers are forming an Information Sharing and Analysis Center (ISAC) to team up against cybersecurity threats, according to Rosekind.
“ISACs serve as clearinghouses for information on the latest cyber threats, and can help coordinate security efforts, both before an incident occurs and in the midst of a crisis,” he said.
How will other technology, such as the need for camera calibration, impact the AGRR industry going forward? To find answers, look for the September October AGRR™ magazine.
