Why Your Car Is Insecure

You may not know this, but most of you drove into work today in a computer.  Don’t believe me?  Maybe that is because you commonly refer to it as your car.  For the past 40 years car manufacturers have been making cars with computers that are typically located near the automobile’s engine.  The on-board computer controls many things, including fuel injection, the anti-lock braking system (ABS), gear shifting, and diagnostics (you know, the infamous check engine light), to name a few.

However, over the past decade manufacturers have started to add more smarts to cars, specifically to the entertainment system.  Bluetooth, iPod and USB connectors, and WiFi all add the ability to connect 3rd party devices to your car.  As consumers we have taken all of these new features for granted, but now we need to rethink these capabilities because they are also being used as attack vectors by hackers.

Over the past year more and more reports have surfaced about groups of people who have successfully hacked into a car’s computer and demonstrated some serious exploits.  Last month Chrysler recalled 1.4 million Dodge Rams, Vipers, Durangos, Chargers and Jeeps due to a flaw in their UConnect entertainment system that could allow an attacker to gain control of critical functions such as braking, steering, speed control, and the transmission.  Then this week Tesla pushed out a patch for a flaw in its Model S cars that could allow hackers to take control of the vehicle (the details of this hack will be announced during Def Con).  I am pretty sure that we will be hearing about more car hacks involving other car makers in the upcoming months too.

The major problem is that there is a design flaw in how the components in the car connect to the computer.  They use a standard protocol called CAN bus, which is similar to the internal bus in typical computers.  Car manufacturers say that the components are “firewalled” from the entertainment system, but clearly this isn’t enough.  They need to go back to the drawing board and physically separate the entertainment system from the CAN bus, which will prevent these types of attacks from happening in future model cars.  But there is no word yet on whether manufacturers are going to take this route.  For now, if you get a recall letter for your car, you should always take it seriously and get your car fixed, regardless of the reason.

About the author
Michael Battaglia

Michael is a senior programmer for Multi Data Services in NY. Coding is not just his day job, it is his passion.