Regulators Worry Hackers Have Learned to Hijack Cars

Car makers and regulators see a rising threat in automobile hacking.

by / November 25, 2014
The Tesla Model S is one of the many cars, electric or not, proven to be susceptible to hacking. Flickr/Christopher Dorobek

Can cars be hacked?

The U.S. military and the automobile industry believe they can. Tests conducted by hackers in the U.S. military confirm that, given the right time and tools, a car’s control systems are susceptible to attack, according to the Associated Press.

That fact, not necessarily novel, has become a pressing concern for the industry as a growing number of cars come to market embedded with electronics. In the tests, hackers proved that once they penetrate a vehicle’s defenses, they can do almost anything, whether that’s popping the trunk, cutting the brakes, starting windshield wipers or even killing the car’s engine.

Possible entry points hackers might use to compromise a vehicle’s controls can be electronic ports used by mechanics for service, Bluetooth-equipped cars and access points used by mobile apps.

Despite an absence of recorded criminal attacks of such digital commandeering, U.S. military and privately conducted tests have raised red flags for auto brands.

In a 92-page paper released in August at the BlackHat security conference in Las Vegas, cybersecurity researchers Charlie Miller and Chris Valasek shared a review of cars surveyed as most susceptible to hacking. The automobiles attributed with the weakest defenses included the 2014 Jeep Cherokee, the 2014 Infiniti Q50 and 2015 Cadillac Escalade. Teslas have also been in the news for hacking when Chinese students proved they could hack a Model S Tesla at another cybersecurity conference.

In response, some brands have moved into action. General Motors, for example, is researching security methods of companies like Boeing. Likewise, manufacturers such as Toyota and Honda are participating in a collaborative group called the Auto-Information Sharing and Analysis Center, a group that shares information on detected cyberthreats.

As study and analysis continue, the U.S. Department of Defense reports it has also been investigating the issue and seeks to plug vulnerabilities by refashioning the automobile code to make it impervious to major attacks.