Automotive security is odd in that it’s basically nonexistent. We drive around every day in giant, metal contraptions completely controlled by a central computer (more or less) and that computer is essentially open to whoever is bored (or mad) enough to hack it. First of all, I should note that hacking someone’s car is not an easy nor an efficient way of accomplishing anything. You have to have a lot of patience and advanced knowledge of many different things before you would even be able to attempt such a feat, which is why there is so little in the way of automotive security. (This video comes to us courtesy of the genius minds at Motherboard.)
Basically, in modern cars, every piece of equipment in the car is connected. When you push the gas pedal, the message is sent to the main computer, which then decides the best way to achieve that. Obviously all this happens in an instant, but if you break it down, there are a lot of things that need to be coordinated. The CANBUS is the network that allows each part of the car to talk to other parts. Everything is always waiting for a command from the CANBUS. So, what happens if somebody hacks the CANBUS?
Well, first of all, as noted earlier, it would be really difficult. Every piece of the car speaks a different language with different words and requires specific commands that might not (hopefully) be available to the public. Plus, it’s pretty expensive.
If, however, a hacker was able to plant a device on a car, he would be able to completely control that car. This includes things like hitting the brakes or accelerating, but also things like turning off the lights or stopping the engine altogether. A hacker could do a lot of damage by sending a new command to the car. For example, a hacker could drive you off the road or turn off your headlights on a dark road.
GSM networks and cellular networks means that someone could do this from literally anywhere whether they’re in the car behind you or across the country.
According to the experts in the video (it’s a little long, but just fascinating) the scariest thing is the remote access. They’ve demoed the effects from as far away as 1500 miles.
Of course, there are some potential uses that aren’t too farfetched. There have been conversations (amongst hacking experts) about governments using this to assassinate people. It’s pretty ideal for that because there’s no way to prove a car was hacked. The upside is that for the everyday person, this isn’t a real threat because there are easier ways to get rid of people. Basically, it would be easier to just shoot a person than to hack a car and drive it off the road. Don't you feel better?
If you ask me, the scariest part of this is that the same aspect that makes cars vulnerable, which is their connectivity, is the same technology that can be found in other transportation options. This includes things like airplanes or military vehicles. Consider the fact that it's possible to hack a military vehicle and take it over. As one guy points out, you can make a lot of money hacking for bad people.
The important thing is that this is being discussed and brought to the forefront before it becomes a cheap, efficient means of injuring someone. As with anything else, bringing connectivity to a technology exposes it to more security risks.
At the end of the day, this isn’t something that’s going to happen to you accidentally. You would have to be targeted by people with pretty extreme skills and they would have to have access to your car, which would also need to meet a specific set of qualifications. So you're fairly safe...for now.
For the record, I feel like I’ve spent an inordinate amount of time calming people’s fears about someone hacking their driverless car, and this video just set me back several years. Thanks.