Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Could a hacker remotely control your car?

Margi Murphy | July 27, 2015
Techworld asks security and car tech experts how hackers take control of a car remotely and whether carmakers have it covered.

Car hacks are an acutely realistic threat, but are UK drivers at risk? We ask the experts with insider knowledge of the automotive and tech industry whether carmakers are investing in the right security, and whether recent reports can be written off as scaremongering.

Two hackers took control of a Jeep last week in a demonstration for tech magazine Wired - the latest in a series of embarrassing showcases of vulnerabilities in various luxury brand's models.

Techworld recently revealed Jaguar Land Rover was recalling thousands of its 4x4 models due to a software flaw that saw car doors unlock and in one case fling open mid-journey. Defects like these are increasing as cars become reliant on software, LTE and WiFi networks.

Mid-market carmakers haven't been spared security speculation either, with Nissan investigating its software vulnerabilities after a report that named it "most hackable" last year.

Are car manufacturers doing enough?

Amidst the media scrutiny, expert Pete Highton believes car brands are making improvements in car security. Highton is principal staff engineer at Freescale semiconductors and works with McLaren's Formula 1 cars, amongst other automotive manufacturers.

Freescale's semiconductors form part of the microprocessors that McLaren uses to learn more about its car, a technology which is used by most carmakers as they become increasingly digital. Samsung, Intel, Qualcomm and Sony make similar chips, which are primarily found in smartphones.

"With the advent of the connected car and continued extension of that connectivity from General Packet Radio Service (GPRS) to 3G, 4G and WiFi there has been a period over the last three to four years where car manufacturers have had to re-evaluate their approach to car security," he told Techworld.

Securing these connections involves encryption, decryption and authentication modules on microcontrollers and microprocessors in the car, he explained.

"No car manufacturer wants the dubious honour of being the first hacked car. As a result the 'mission critical' parts of the electronics (the engine control unit, for example) are not exposed to wireless interfaces directly."

However, hackers are able to intercept data sent from the engine control unit to the car's communication gateway - usually the infotainment system, like Apple's CarPlay. The security in place here is on the same level as algorithms that run on your laptop or tablet computer.

Many car brands have their own version of a "cloud platform" that drivers can sign into and use to check tyre pressure and use GPS through their dashboard, as well as monitor aspects of the car on their smartphone.

Some, like Ford, have even announced over-the-air software updates, similar to a new OS for your smartphone, following in Tesla's fashion. Tesla is already gearing up for a driverless feature update that will allow auto steering, as part of its 6.2 version OS which prompted concerns over further man-in-the middle attacks.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.