It sounds like something out of a blockbuster film: an evil hacker breaks into a complicated system that controls all of the computerized features in passenger vehicles. He then disables their ignition systems so they cannot start. Or he causes all of the engine sensors to malfunction so that the vehicles overheat and stall out on the roads. Or maybe he assumes control of their power steering and causes these vehicles to crash into each other all over the country.
Of course, this could never happen… right?
Well, what about these situations?
- A hacker remotely uploads video files from dashboard camera systems in police cars.
- A hacker sends out a signal which causes vehicles’ tire pressure detection systems to erroneously display warning lights on drivers’ dashboards.
- A hacker figures out how to spy on all phone calls that are made inside cars.
- A hacker causes vehicles to wirelessly transmit their make, model, VIN numbers, and current location to a computer operated by the head of a car theft syndicate.
- A terrorist simultaneously disables the brakes on numerous cars that are traveling on the country’s roads.
- A scofflaw accesses a dealer’s computer system and shuts off engines and blares horns on dozens of vehicles.
According to computer experts, these scenarios could become reality… and one of them has already happened.
How is this possible? With all of the “smart” automotive technology that can regulate everything from cabin temperature to airbags, today’s newer vehicles are becoming increasingly more vulnerable to cyberattacks. Some of these vehicle computer systems could potentially be compromised using drivers’ Bluetooth or WiFi systems, while others are susceptible to hackers through a server owned by a dealer or manufacturer.
Cybersecurity experts have already found ways to gain access to much of this computerized auto technology and manipulate certain functions of the vehicles. For example, a security tester hired by a city was able to access police vehicles’ dashcam systems and steal or delete months of stored video files. Researchers at the University of South Carolina were able to cause one vehicle to send a bogus signal to another that lit up the “low tire pressure” indicator on the target car; this prompted fears of criminals engaging in this practice and then following people who pulled over in the hopes of robbing them.
Furthermore, an August study by the Center for Automotive Systems Security found several more vulnerabilities. Researchers were able to wirelessly command groups of vehicles to transmit GPS coordinates and vehicle identifying information; this could allow criminals to not only determine where the most valuable auto theft targets are, but also send out wireless commands to unlock their doors, disable their alarms, and start their engines. In addition, these experts were successful in intercepting wireless signals so they could monitor the cell phone calls of the vehicles’ occupants. But perhaps the most disturbing accomplishment was the capability to instantly render braking systems inoperative by sending the appropriate wireless command to the targeted vehicles.
And yes, there has been at least one instance where this type of approach has been used to create mischief. A disgruntled former employee at a Texas used car dealership gained access to the company’s system that shut off the engines of owners who did not make their car payments. The individual then disabled the engines and activated the car horns on more than 100 vehicles that had been sold by the dealer.
To their credit, new car manufacturers are taking these issues seriously and are actively working to bolster security on the computer systems in their vehicles (although the same can’t be said for some aftermarket auto parts sellers). However, security experts warn that the more technologically-advanced that new vehicles become, the greater their exposure is to the risk of hacking and cybertheft. So while no one likes to consider the idea of widespread mayhem or destruction caused by a single individual breaking into cars’ computer systems, such circumstances are not completely beyond the realm of possibility.