This week’s Black Hat Conference in Las Vegas has given us 1.3 billion passwords hacked, airplanes hackable in the air and now, your car joins the hackable friendly brigade.
Computer security researchers Charlie Miller and Chris Valasek have released a report and discussed its findings at the Black Hat hacking conference in Las Vegas. The report rate the most hackable vehicles on the market today with the Chrysler 2014 Jeep Cherokee, the Infiniti Q50 and the 2015 Cadillac Escalade getting the most attention.
Chrysler spokesman, Eric Mayne, told Reuters, “Chrysler Group will endeavor to verify these claims, and if warranted, we will remediate them.”
However, despite the shock and awe headlines, it should be noted that the researchers did not, in fact, test the vehicles themselves. They did their assessment based on possible remote attacks and by analyzing important aspects of the car’s technology such as the number of remote access technologies. These include Bluetooth and WiFi. Obviously, these are easy gateways for hackers to gain access to a car’s systems.
The least hackable vehicles turned out to be the Dodge Viper, the Audi A8, and the Honda Accord. For example, the Audi A8 separates possible viable attack points, like Bluetooth and digital radio, from the safety critical controls such as steering and brake and has them working on different computing networks within the car.
Charlie Miller is a security engineer at Twitter and Chris Valasek works at IOActive, the same firm as Ruben Santamarta who uncovered security flaws in airplane communications systems.
Miller and Valasek reviewed 21 different cars. They considered the possible ways that an attack could take place by looking at points of vulnerability for each car’s computer systems, called cyberphysical assets.
The full report should be on IOActive.com before the end of the summer.