Charlie Miller and Chris Valasek will present Remote Automotive Attack Surfaces at Black Hat, but you don’t have to wait for their talk to learn which vehicle models are the most secure and the least secure from attacks.
After reviewing 20 vehicle models, the duo told CNN Money that the “2014 Jeep Cherokee, 2015 Cadillac Escalade and 2014 Toyota Prius were the most hackable.” Yet according to what the researchers told Dark Reading, the 2014 Infiniti Q50, which ranges in price from about $37,150 to $45,450, is the “easiest” to hack “because its telematics, Bluetooth, and radio functions all run on the same network as the car's engine and braking systems, for instance, making it easier for an attacker to gain control of the car's computerized physical operations.”
Importantly, the researchers pointed out that they did not remotely attack any of the vehicles in the report; instead they “did their analysis by looking at the technical configurations of different models.”
With that in mind, they said the 2014 Audi A8 was the least hackable overall, but the 2014 Dodge Viper and the 2014 Honda Accord also did well in the harder-to-hack category. In the Audi A8, for example, Miller said, “Each feature of the car is separated on a different network and connected by a gateway. The wirelessly connected computers are on a separate network than the steering, which makes us believe that this car is harder to hack to gain control over" its features.
"We can't say for sure we can hack the Jeep and not the Audi,” Valasek told Dark Reading, “but… the radio can always talk to the brakes."
CNN said that according to the report:
Both the 2014 Jeep Cherokee and the 2015 Escalade have an inherent security flaw: The cars' apps, Bluetooth and telematics -- which connects the car to a cellular network like OnStar -- are on the same network as the engine controls, steering, brakes and tire pressure monitor system.
In the 2014 Prius, the AM/FM/XM radio and Bluetooth are on the same network as the steering, brakes and tire pressure monitor.
By watching the video that accompanies CNN’s “How hackers could slam on your car’s brakes,” you learn the hack involves telling the car you are a mechanic bleeding the brakes and it “only works if you're driving really slow, like 5 or 10 miles per hour." While that’s still pretty freaky, the video shows the attack being carried out by the passenger.
The premise is good fodder for fiction, however, as CNN Money previously reported, “Imagine driving down the highway at 70 miles per hour, when suddenly the wheel turns hard right. You crash. And it was because someone hacked your car.” CNN added, “It's not far-fetched science fiction. It's the near-term future today's hackers are warning about.”
The newest car-hacking CNN video also includes a steering hack demo, consisting of Miller driving about 40 mph when Valasek jerked the steering wheel to the left. They explained, "We had to basically trick the car” into believing it was driving very slowly and in reverse as if parking. The hard jerk on the steering wheel was not supposed to work at high speeds.
Distances for hacking car features, according to CNN Money, range from one meter away for tire pressure, 5 to 20 meters for smart keys, 10 meters for both Bluetooth and the passive anti-theft system, and 100 meters away to hack the radio data system.
There’s another important factor when it comes to hacking these vehicles. Even if you picked up a hitchhiker carrying a laptop, it would be impossible not to notice the would-be attacker dismantling your dashboard and plugging in her laptop to hack your car. This is something Toyota stressed when it released the following statement:
It is important to note that a recently publicized demonstration required a physical presence inside the vehicle, partial disassembly of the instrument panel, and a hard-wired connection. All of this would be obvious to the driver. Our focus, and that of the entire auto industry, is to prevent hacking into a vehicle's by-wire control system from a remote/wireless device outside of the vehicle.
Cadillac and Chrysler issued similar statements about the researchers using “publicly available data, while the company's vehicles were also equipped with elements 'that are private and not accessible to researchers (or thieves)'."
Miller and Valasek have made their point about cars being vulnerable to hacking and even built a $150 anti-hacking device. The prototype helps prove how inexpensively manufacturers could defend against attacks. While the duo is best known for bringing the hurt to the Toyota Prius and Ford Fusion, Miller and Valasek are far from the only security researchers hacking and attacking vehicles.
OpenGarages research recently made The Car Hacker's Handbook available for free or for purchase if you really want to part with your money. The manual includes numerous attack surfaces, such as attacking TPMC (tire pressure monitoring caps), Ethernet attacks, attacking key fobs and immobilizers, and weaponizing CAN findings.
After a SyScan +360 conference in Beijing offered $10,000 to anyone who could successfully hack into the Tesla Model S sedan, Zhejiang University students reportedly hacked the Tesla and remotely controlled the car’s locks, horn, headlights and skylight while the car was in motion. Tesla is looking into it, but that’s a report I can’t wait to see. Remotely attacking a moving vehicle is when it gets real, and if that eventually extends to steering and braking then it’s really scary.