Cybersecurity is a growing concern but now, the issue is extending towards cars with a report that shows even the snazziest vehicles can get hacked.
Called "A Survey of Remote Automotive Attack Surfaces," the report shows the results of an analysis of different car makes and models focusing on schematics to check for signs hinting at possible vulnerabilities that hackers can exploit. Done by Charlie Miller and Chris Valasek, the report was presented in a talk at the Black Hat conference in Las Vegas Wednesday.
"A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes," the researchers said. Miller and Valasek have already done a report of the same nature earlier so this one is intended to be an update.
All modern vehicles are equipped with CAN or the controller area network, an internal bus that lets devices and microcontrollers to interact with one another, as well as physical port can be hooked into called the ODB-II.
"The cars OBD-II bus is one of the weak points but wireless technologies such as cellular, V2X and Wi-Fi constitute additional breach points, allowing hacking from a remote wireless device outside of the vehicle compromising the authentication and integrity of messages," said the report. Different manufacturers adopt different technologies so how vulnerable a vehicle is will depend on the kind of technology it is fitted with, as well as how much access the manufacturers are giving developers to tweak a car's CAN.
According to the report, the most hackable cars are the 2014 Infinity Q50, 2014 Jeep Cherokee and the 2015 Cadillac Escalade. The least hackable cars are the 2014 Dodge Viper, the 2014 Audi A8 and the 2014 Honda Accord.
Results were based on three factors: the size of a wireless "attack surface" in a car, like keyless entry systems, Wi-Fi and Bluetooth; the network architecture of a car and how much access is possible to get to critical systems; and the "cyberphysical" features of a car, like lane and parking assist and automated braking.
The researchers, however, have a disclaimer given the method they used for the report: "This doesn't mean that the most susceptible looking isn't in fact quite secure (i.e. coded very securely) or that the most secure looking isn't in fact trivially exploitable. But it does provide some objective measure of the security of a large number of vehicles that wouldn't be possible to examine in detail without a massive effort," wrote Miller and Valasek.