2017 Jeep® Cherokee Limited
Car hacking is something that’s becoming more and more concerning these days. Security researchers have found that certain cars have vulnerabilities that can lead to the driver losing control of their vehicle, but so far no real world cases of car hacking have been reported.
A report conducted in 2014 by security researchers Charlie Miller of Twitter and Chris Valasek of IOActive helped showcase these vulnerabilities and how certain car functions are tied to the various computers in the vehicle.
During the 2014 Black Hat security conference in Las Vegas, the pair presented their findings about various cars and how one could theoretically hack them. In particular, they looked at the in-car computer schematics to show how certain functions of the car are tied to others, like if you can hack the radio or bluetooth network, can you send messages to more critical components like the brakes or the steering? In some cases such issues were possible.
In one detailed case using a 2014 Jeep Cherokee, this is possible through “jailbreaking” the infotainment system, which is the process of overcoming a system’s security functions to run unsigned or malicious code. This can be done with a USB key plugged into the car, which identifies itself as an update.
Other cars, like that Audi A8, was applauded for having its network of critical driving systems and non-critical telematics systems on separate networks.
According to that report and Bankrate.com, these are some of the most hackable cars out there. Since the report is a few years old, these cars are all 2014 and 2015 model year vehicles, with a few exceptions. A few of these vulnerabilities have been patched in recent years.
Range Rover Evoque
This luxury crossover features several wireless networks that researchers say can be vulnerable to hacking including the InControl infotainment system app, Bluetooth network for phone pairing, the remote keyless entry key, the on-board cellular network and Wi-Fi radio.
One of the most publicized victim of the latest car hacking news is the Jeep Cherokee, which researchers used as their test vehicle. Many of the computers in the Cherokee find their way in other Fiat-Chrysler Alliance vehicles including the 300. The Uconnect infotainment system is the most significant vulnerability and has since been patched by the automaker.
BMW X3 M
Researchers suggest that the BMW X3 has a “large attack surface” meaning that there’s multiple ways to compromise the security of the vehicle’s computer systems. The BMW ConnectedDrive system can be exposed, leading someone to hack the cars Bluetooth system or on board Wi Fi.
Researchers claim that the older SYNC System in some Fords can be compromised, but haven’t mentioned anything about the new SYNC3 system. However, recent reports out of Germany have found that some hackers may be able to access the vehicle through a radio hack that mimics the owners key fob.
Researchers also tested out older cars, including different model years of the third generation Prius. The 2010 model had some potential issues, like the Bluetooth, AM/FM/XM radio, remote keyless entry, cellular, proprietary radio and the Safety Connect system. Researchers also found that the Adaptive cruise control, the self-parking system and the pre-collision system also could be at risk.
2014 Toyota Prius
Like the 2010 Prius, the 2014 model year has some vulnerabilities too. In fact, a main issue is that the brakes and steering are on the same network as the Bluetooth, posing a significant risk if the Bluetooth is hacked.
Not surprisingly, an older Prius, the 2006 model, posed much less of a security risk.
The Infiniti Q50 is a technological marvel, and includes a unique steer-by-wire system. However, researchers have found the tech-heavy Infiniti to carry a huge security risk, saying that within the Q50’s network of systems, the radio and telematic components are directly connected to engine and braking systems. This is a serious safety concern if the systems are ever compromised.
2015 Cadillac Escalade
OnStar, a service included on many GM vehicles has a number of benefits including remote unlock and ignition, a vehicle finder service and even a helpful concierge. However, because it runs on a wireless network, if it was ever compromised it could lead to serious exploits. Another concern is that the Bluetooth and telematics systems are on the same network as the brakes, steering and engine.
Researchers Charlie Miller of Twitter and Chris Valasek of IOActive first got hands on hacking experience with a Jeep Cherokee, and they’ve documented the whole process. While FCA has since updated and patched the exploits used by the researchers, the team have documented just what kind of access a hacker can have over a “jailbroken” car. The brakes, engine and steering systems can be exposed, leaving potential vulnerabilities in the driver assistance systems like adaptive cruise control, parking assistance, crash mitigation and lane-departure warning.