The newest frontier for hackers: your car

As more computer technology gets added to vehicles, cybersecurity becomes an increasing concern.


Imagine driving down the road minding your own business when suddenly your car brakes sharply on its own. Or your steering wheel veers wildly toward the ditch. Or your accelerator pedal inexplicably gets pressed to the floor.

As computer technology increasingly controls critical vehicle safety features and more cars are connected to the internet, the danger of a hacker taking control of vehicles is becoming less like a Hollywood movie plot and more like something that can actually happen.

Wily cybercriminals have already proven their ability to breach government, military, corporate and individual cybersecurity walls. They’ve stolen personal information, medical records, financial data, military secrets and other data with near impunity.

The newest frontier for hackers bent on mischief? Your car. 

“These are super complicated high-speed networks on wheels,” said Vance Saunders, director of Wright State University’s cybersecurity program. “I don’t have to unlock your car. Because your car is just a mobile network.”

RELATED: ‘Smart car’ technology may make roads safer, but some fear data hacks

Using the internet and one of the multiple points of access into your vehicle’s computer systems, researchers have already demonstrated that they can take control from miles away. A growing number of computer-equipped, internet-connected smart cars are on the road, and automakers are testing fully autonomous vehicles that have even more high-tech controls that allow the car to do the driving for you..

Part of the research involved in developing a smarter car is developing a more secure car.

“The point is that suddenly we are exposed to major-scale attacks that can happen to us. And those attacks can result in fatalities,” said David Barzilai, chairman and co-founder of Karamba Security, a start-up vehicle cybersecurity company based in Israel.

In addition to whatever mayhem could occur on the roadway, your car has also become yet another way for your personal information to be stolen. Newer vehicles are now able to collect a startling amount of information about you, including your address and birth date, driving habits, where you travel, your music preferences and soon, credit card information you provide so you can make purchases from inside your car.

“You could probably put together a pretty good intelligence report,” said Seth Hamman, assistant professor of computer science at Cedarville University.

RELATED: 5 Things experts say about smart cars

Many newer vehicles are equipped with multiple sensors and Electronic Control Units (ECU), essentially an array of small computers that are connected to each other via a network, that are involved in a variety of vehicle functions.

The standard one people are most familiar with is the on-board diagnostic computer that mechanics use to diagnose problems. Automakers have also added an assortment of driver assistance technologies, such as automatic emergency braking, lane-keeping assistance and other features to make cars safer and smarter.

ECUs can control safety-critical systems like braking, along with navigation systems, location services, fleet management systems, and entertainment and communication systems. Within the vehicle, the ECUs work together to keep these functions humming along, mostly without the driver even realizing it.

RELATED: Experts say self-driving cars will save lives: Would you ride in one?

Automakers can send software updates to the vehicle via the internet, vehicle occupants can use an in-car hot spot to surf the web, and connected semi-trucks can drive in “platoons,” following very closely in single file and communicating braking and speed information to each other.

“Today’s cars are connected, and advanced technologies will make the cars much more connected in digital form than now,” Barzilai said.

While that brings “significant benefits of technology and connectivity, at the same time cars are much more vulnerable to cyberattacks,” he said.

The ECUs are designed to communicate with each other, which hackers can exploit, according to Barzilai. If one ECU is penetrated, a hacker could then send commands to the other controllers on the network, he said.

Multiple access points

Hackers can gain access in multiple ways. Vehicles are equipped with embedded internet modems, Wi-Fi routers, Bluetooth modules, USB ports, high-definition radio, the on-board diagnostic port and near-field communications devices that let you unlock or start your car remotely.

In 2015, security researchers Chris Valasek and Charlie Miller showed how the Jeep Cherokee could be remotely hacked, gaining internet access through the entertainment system and then taking control of vehicle steering, brakes and transmission. That hack led Fiat Chrysler Automobiles to recall 1.4 million vehicles to fix the security flaw.

Security researchers in 2011 took remote control of a car’s brakes using Bluetooth, and more recently researchers took control of the brakes on a moving Tesla from 12 miles away, according to a June New York Times story.

RELATED: Need a job? U.S. military looking for cyber warriors

Auto manufacturers encourage these “white-hat” hacks by security experts so vulnerabilities can be fixed. In fact, spokespersons for Tesla and Fiat Chrysler say they participate in a “bug bounty” program that offers rewards to people who find and report cybersecurity vulnerabilities.

“FCA is deploying the latest hardware technologies to protect against cyber intrusions,” said Sandra Hosler, senior manager for global vehicle cybersecurity for Fiat Chrysler Automobiles’ U.S. operations. “But we also improve protection by partnering with others.”

Tesla released a statement saying the company “works closely with the research community to ensure that we continue to protect our systems against vulnerabilities by constantly stress-testing, validating and updating our safeguards.”

New challenges

Two years ago auto companies formed the Automotive Information Sharing and Analysis Center, a central hub that tracks, analyzes and shares intelligence about cyber threats, vulnerabilities and incidents. That level of cooperation stands out in the notoriously competitive auto industry.

Karamba Security, which also has an office in Detroit, is working with 16 automakers and parts suppliers on improving vehicle cybersecurity, Barzilai said. Karamba’s software is designed to recognize and block hackers before they gain access to the various computerized functions of a vehicle.

He said the company will soon do field trials for the software in France, deploying self-driving cars in a closed area.

Experts say autonomous, or self-driving, cars will become more the norm in future years, presenting new and more complex cybersecurity challenges.

Research at Ohio State University and the Transportation Research Center in East Liberty is showing how to combat intrusions by better authenicating the command received by the vehicle, said C. Emre Koksal, associate professor of electrical and computer engineering at Ohio State.

“We have to address these (cybersecurity) issues before we deploy all these systems. And before we talk about how to rely on all those signals for our safety,” Koksal said.

He said experiments by his researchers show that vehicle security can be enhanced, but he said there may be no cure-all.

“To say that we will absolutely protect everybody from every kind of attack is an insurmountable problem,” Koksal said. “So we are basically narrowing down the set of potential attacks.”

‘You can never prevent hacking’

Resolving cybersecurity issues will be critical to advancing the autonomous vehicle industry, said Carla Bailo, assistant vice president of mobility research and business development at Ohio State.

“You can never prevent hacking,” Bailo said, but with robust cybersecurity systems in place the technology would “recognize the hacking symbol and your car can ignore it, or the infrastructure, the traffic signals, will ignore it.”

RELATED: Would you ride in a car with a brain?

Barzilai also believes anti-hacking technology can make the cars safe.

“What we’ve found is the complexity is so high, hackers are going to find it so hard to hack they may look for other goals,” Barzilai said. “I don’t know if it is going to be 100 percent safe, but it is doable. The systems can be hardened in quite an effective way.”

Multiple states have passed laws addressing autonomous car safety and cybersecurity. Congress is looking at increasing rules for autonomous cars and cybersecurity safety with the SELF DRIVE Act, co-sponsored by U.S. Rep. Robert Latta, R-Bowling Green, which passed in the House and is now being considered by the Senate.

Experts say the auto industry knows it has to get this one right. Otherwise, said Hamman, consumers will lose confidence and they won’t be willing to shell out money for cars outfitted with high technology that puts them at risk.

“In the recent past we would have been willing to go a lot further to get the cool next feature without worrying about the exposure,” Hamman said. “Whereas today I think that line is moving back because of the security issues.”

RELATED: Want to avoid getting hacked while driving? Check this out



Reader Comments ...


Next Up in Business

Building permits sought for new apartments in Riverside
Building permits sought for new apartments in Riverside

Developer St. Mary Development Corp. and MVAH have applied for Montgomery County building permits to build apartments in Riverside. RiverWorks Lofts LLC applied for permits to build at 2317 Harshman Road. That’s close to another apartment complex, Riverside Senior Lofts, also planned for 2333 Harshman. The latter complex will be built for residents...
Paving materials company buys local land long eyed for mining

An 82-acre piece of farm land inside the West Carrollton city limits that was previously denied zoning to allow mining operations has been acquired by Barrett Paving Materials. The company — whose Dayton presence is based at 2589 Needmore Road — paid $1.5 million for the land just south of Farmersville-West Carrollton Road from Hewitt Farms...
Recalls: Children’s clothing, fitness products and more
Recalls: Children’s clothing, fitness products and more

Parents, fitness buffs and those prone to bug bites should check to see if they have the potentially dangerous products being recalled this week. Infant and toddler coveralls sold under the name ED by Ellen DeGeneres are under recall because the bunny applique can come off and pose a choking hazard for your child, according to the Consumer Product...
Company buys local land long sought for mining work
Company buys local land long sought for mining work

Barrett Paving Materials has bought 82 acres of farm land in West Carrollton for $1.5 million, county property records show. Barrett — which produces, sells, and delivers crushed stone, sand and gravel products in Ohio and Indiana — has long eyed that property as a potential mining source. The company, based at 2589 Needmore Road, bought...
Miami Valley Hospital to build out last of empty floors
Miami Valley Hospital to build out last of empty floors

Miami Valley Hospital is building out the 10th and 11th floors of its southeast tower, which were left empty space in 2010 to leave room for expansion. The Dayton hospital, operated by Premier Health, said in a statement that it just opened an upgraded 36-bed neuroscience advanced care unit on the 10th floor and is set to finish construction next month...
More Stories