When we think about hacking, many of us think about the security of our computers or our credit card information, but many would never think of our cars as a potential target for hackers.
All the information we see on the dashboard computer is linked to critical components throughout the car. The more bells and whistles we demand, the more technology is packed inside our vehicles.
“They put those features in there because people want them. If people didn’t truly want them, they wouldn’t put the expense out to put them in there,” says AAA Southern New England’s John Paul.
“If the car is able to tap into its various facilities, then that means there’s computers that are monitoring all those different kinds of things. To me, that makes me wonder what kinds of risks might exist in these computers,” says Adriel Desautels of Computer Security company, Netragard.
A recent study done by University of Washington and University of California-San Diego proved researchers were able to control a car’s brakes and engine, after having access to the vehicle.
Researchers at Rutgers and the University of South Carolina were able to hack into the tire pressure monitoring systems of two cars by using the radio frequencies made to communicate between the tires and the cars’ engines. But controlling your car from a computer, according to some, isn’t far behind.
“The things somebody could do would really be limitless if these things are internet connectable,” according to Desautels. A self-admitted hacker, Desautels considers himself an ethical hacker, who exposes security flaws to educate. Though he says there are many out there who aren’t looking to help.
Add in the availability of mobile hotspots and internet connections in cars, and he says hackers have the potential to do a lot of damage.
“Imagine doing something like infecting that car with a worm. You’re driving down the road, and all of the sudden the brakes on half of your car apply. You’re done. You’re going to get in a big accident because of the car. So you can effectively take a weaponized piece of code, you can plant it into one of these things, and have a catastrophic failure,” Desautels says.
Think it’s far fetched? It’s not. We found postings on Twitter about a new car from a major manufacturer with its own IP address, about to hit the market. Hackers were forecasting an internet worm targeting the car’s brakes.
“The couple of car manufacturers I’ve talked to, both Chrysler and Ford, they were well ahead of the curve and they put the same kind of sort of firewalls in place that any sort of good business computer system would have, so if someone tried to hack into it, they would either signal it, or try to stop it before it happens,” John Paul of AAA Southern New England says.
He says car manufacturers have prepared for security and downplays the likelihood of major car hacking. “Even anything that potentially could happen would be very, very minor in nature. So the idea that someone could pull up next to you with the laptop and shut your car off, probably isn’t going to happen,” Paul says.
While targeting your specific car isn’t as likely, according to Desautels, it might be that hackers focus on certain models. Why would hackers want to do this? The answer, according to Desautels, is simple, “ask any hacker, and they’re gonna say because I can.”