Computer hackers Charlie Miller and Chris Valasek have published a list of 24 car models and how hackable their electronics are, reports Andy Greenberg for Wired. They found that the cars most vulnerable to hackers are the ones with the most connected electronics technology.
At the Black Hat security conference in Las Vegas on Wednesday, Miller and Valasek gave a talk analyzing the hackability of dozens of car makes and models. Last year, the two men demonstrated how they could take control of the steering and brakes of a Ford Escape and a Toyota Prius using only a laptop connected to the cars, Greenberg writes. He quotes Valasek, who describes how he and Miller approached the analysis that they report in the 92-page paper they just published:
‘It really depends on the architecture: If you hack the radio, can you send messages to the brakes or the steering? And if you can, what can you do with them?’
Of the vehicles they analyzed, Valasek and Miller found that the three most hackable are the 2014 models of the Infiniti Q50 and Jeep Cherokee, and the 2015 Cadillac Escalade. The 2010 and 2014 Toyota Prius models are vulnerable to hackers as well, Greenberg writes.
The cars least vulnerable to hackers among those the researchers analyzed include the Dodge Viper, the Audi A8, and the Honda Accord, reports Kelly Jackson Higgins of InformationWeek DarkReading. She writes:
The researchers focused on the potential for remote attacks, where a nefarious hacker could access the car’s network from afar — breaking into its wireless-enabled radio, for instance, and issuing commands to the car’s steering or other automated driving feature.
Hackers could potentially access a car’s Bluetooth, telematics, or on-board phone app to commandeer such features as automated parking, steering, and braking. And hackers would not necessarily need to be within a few yards of the car they want to hack; some attacks can be done from much farther away, Higgins notes.
According to Miller, who is a Twitter security engineer, the cars most vulnerable to hackers are the ones with the most computerized features that are all on the same network and can speak to each other. Higgins quotes Miler:
‘The least hackable ones had [fewer] features, and [the features] were segmented, so the radio couldn’t talk to the brakes.’
Miller and Valasek say that their results are not definitive proclamations, but rather warnings of potential weaknesses in the cars, Greenberg writes. Although in 2013 the two men did hands-on hacking, in this new study they analyzed the cars’ technical manuals and wiring diagrams (after signing up for online mechanics’ accounts at the various carmakers’ websites) and scrutinized the computer networks revealed in the manuals, Greenberg writes.
In a related news item, Today reports that Chrysler and Nissan are examining Miller and Valasek’s findings. “Chrysler Group will endeavor to verify these claims and, if warranted, we will remediate them,” said company spokesman Eric Mayne. Today adds:
Miller and Valasek cautioned that since they had not actually attempted to hack the cars, the ones designated ‘most hackable’ might actually be quite secure.