News JVTech Electric cars have become computers on wheels and hackers are having a blast…
Published on 01/13/2023 at 20:50
Cars keep getting better and that’s not always a good thing. When technology comes into play, so do hackers. And for a vehicle, that can be a big problem.
Electric cars are no longer just cars
Cars have long been, first and foremost, an object for getting from point A to point B. But today, and thanks to technological advances, our vehicles are clearly no longer limited to this function. They have even become real connected computers! But as comfortable and wonderful as our modern cars are, they still have potentially dangerous flaws.
Almost a decade ago, ethical, so-called “white hat” hackers issued a warning at the famous Def Con event. Connected cars pose cybersecurity risks, and two experts, Charlie Miller and Chris Valasek, have watch that, even at that time, several models had vulnerabilities of varying magnitude. Since these events, technology has become even more ubiquitous, and so the problem has gotten worse..
To give you an example, in 2015, the same hackers had managed to remotely control a Jeep Cherokee – turning the steering wheel, braking and accelerating – driving at low speeds, which had forced the company to recall 1.4 million vehicles to correct the problem. In 2016 it got even more serious: they could do it regardless of speed.
Hacking: the aftermath of the technological improvement of cars
These notorious hacks, mentioned above, made the threat obvious, but every now and then experts are reminded of how far things can go.. At the end of 2022, a researcher named Sam Curry assessed cybersecurity of several manufacturers and telematics systems (a concept that covers applications combining telecommunications and IT) and discovered vulnerabilities and security flaws everywhere. A good example are remote services that allow us to know the status of the car or turn on the heating or air conditioning before using it. An identification number… And presto! The car opens, honks and stops by itself.
We recently found a vulnerability affecting Hyundai and Genesis vehicles where we could remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012.
To explain how it worked and how we found it, we have @_specters_ as our mock car thief: pic.twitter.com/WWyY6vFoAF
— Sam Curry (@samwcyo) November 29, 2022
Services such as LoJack provide access to useful connectivity solutions for remote access to our vehicle data. But that same Sam Curry detected several security vulnerabilities which would allow hackers to gain “full administrator access to the company’s management panel which gives the ability to send arbitrary commands to an estimated 15.5 million vehicles. The problems affect the cars, but also the internal systems of the manufacturers. The researcher was, for example, able to infiltrate Mercedes, BMWs and even Rolls-Royces.
But all this, the car manufacturers know. Ars Technica contacted the manufacturers and fortunately: they are all aware of the problems described by Sam Curry in his report, and there are workarounds in development and in some cases patches to cover these vulnerabilities. As far as we know, no vehicles or accounts have been affected, but it is clear that these threats will grow in the future and that efforts to prevent these issues must do the same.
