Skip advert
Advertisement

Car hacking: study shows over 100 models at risk

A new car hacking study showed thieves can disable immobilisers and drive off without a key in models from Volvo, VW, Audi and Fiat

Laptop

A new study has found that electronic immobilisers used by 26 car manufacturers are vulnerable to hacking, putting many motorists at risk. Currently four out of 10 car thefts in major cities like London involve some form of car hacking.

In light of police reports unable to explain how some cars are stolen, researchers Roel Verdult, Flavio Garcia and Baris Ege began to investigate the nature of vehicle immobilisers – devices that prevent the engine from starting without the correct key.

Advertisement - Article continues below

Immobilisers used in 100 different models from the likes of Volvo, VW, Audi and Fiat – especially models that come with a starter button instead of a key – were found vulnerable to hacking by thieves with access to a computer. The researchers were banned from publishing the report for two years by car manufacturers due to its sensitive nature.

How does immobiliser hacking work?

Since 1995 EU legislation demands that all new cars come standard with an electronic immobiliser. This device only allows the vehicle to start when it is provided the right credentials - but thieves can wirelessly steal all of the information from a car key in seconds.

They are then able to fool the car into thinking the key is present, and drive away as if they had the key.

Skip advert
Advertisement
Skip advert
Advertisement - Article continues below

In other instances, the researchers were able to fake the signal via trial and error and fool the immobiliser into thinking a key exists – in fact, in this test the car was started in under 30 minutes. 

The researchers say all of the vehicles tested were compromised because the communication signal can be interpreted and eventually predicted.

While all this requires physical access into the car – the report voiced concerns over the growing threat of car hacking in the industry: “It is surprising that the automotive industry is reluctant to migrate to better transponders considering the cost difference of a better chip (less than £1) in relation to the prices of high-end car models (in excess of £50,000).”

Jeep Cherokee recall over car hacking research

Two US researchers recently contrived to elevate car hacking from an engineering anomaly to a widespread recall issue by wirelessly taking control of a 2014 Jeep Cherokee. They managed to remotely control the car’s air-conditioning, radio and, more worryingly, its brakes and engine.

Advertisement - Article continues below

Attacking the car’s security through an electronic opening in its radio system, Charlie Miller and Chris Valasek sent lines of code wirelessly to the Jeep’s on-board computer. Using just their keyboards, Miller and Valasek fiddled with the Cherokee’s infotainment, before immobilising the Jeep on the side of the road.

Skip advert
Advertisement
Skip advert
Advertisement - Article continues below

• Keyless car crime on the up as hackers clone keys

The possibility that car hackers with more sinister motives could take control of a car prompted Fiat Chrysler Automobiles to issue a US based 1.4 million vehicle recall for Jeeps, Dodges and Chryslers in an effort update their software systems and prevent the possibility of real car hacking attacks.

Car key theft

The US Federal regulators are now also involved in investigating Fiat Chrysler and the potential security flaws in their vehicles. This and the possibility of the net widening to involve vehicles from other manufacturers has prompted questions over how secure modern cars and their computer systems really are from cyber attacks?

Below, we’ve compiled a detailed breakdown of the car hacking issue looking at how hackers access modern cars and what manufacturers are doing to combat this new threat to car security.

Is your car at risk from the car hackers?

While the media storm surrounding Fiat Chrysler’s car hacking vulnarabilities is centred across the pond, UK motorists could be at similar risk of being targeted by delinquent tech experts. 

Advertisement - Article continues below

Rumours of remote attacks on the computer systems within our vehicles have circled the automotive industry for years, but as modern cars feature more and more wireless connections, Bluetooth accessibility and other routes of electronic entry, the risks of car hacking attacks are only likely to increase.

Skip advert
Advertisement
Skip advert
Advertisement - Article continues below

Modern cars at serious risk from computer hackers

Miller and Valasek reveal that most cars are hacked by accessing their Electronic Control Units (ECUs). All modern cars contain ECUs that control everything from infotainment to the ABS system. ECUs work together as a network – where one influences the other, and alter their functions in different driving modes. 

DAB radio

The number of ECUs in modern cars ranges from 20 to 100, which in effect means 100 different points of access for potential car hackers.

Accessing ECUs can now be done wirelessly, either through Bluetooth or even DAB radio connections, but assuming physical control of a car requires more than just a point of entry. 

A common attack consists of the hacker sending a line of code that allows them to listen to the ECU – observing your driving patterns and choices of radio station, for example. To actually control the vehicle, however, the attackers would need to get one ECU to interact with others – thus influencing the system.

Advertisement - Article continues below

To control the safety critical ECUs such as the ABS, Miller and Valasek point out that “the attackers will have to somehow get messages bridged from the network compromised ECU to the network where the target ECU lives.”

Skip advert
Advertisement
Skip advert
Advertisement - Article continues below

This is basically the method through which the US researchers were able to control the Cherokee’s brakes by accessing its DAB radio. Their report explains that; “after the attacker has wirelessly compromised an ECU and acquired the ability to send messages to a desired target ECU, the attacker may communicate with safety critical ECUs.”

It is this latter stage of the successful hack, establishing a bridge of communications from one ECU to the next, wirelessly, that has caught auto manufacturers by surprise. Fiat Chrysler identified a potential threat to their non-critical vehicle safety systems as early as January 2014, but failed to acknowledge that hackers could use it to establish a bridge from one ECU to another and thus assume controls of safety critical systems. 

In their research of 21 different vehicles, Miller and Valasek identified tyre pressure monitors and remote keyless entry systems as the most susceptible routes of entry from which to access safety critical ECUs.

What are manufacturers doing about car hacking?

It’s not all doom and gloom for the modern day motorist where the car hacking threat is concerned. Manufacturers are working on establishing more secure systems and networks for their cars.

Advertisement - Article continues below

Fiat Chrysler are looking to patch up their software to prevent further attacks, and while the attack on the Jeep Cherokee stirred a commotion, the men behind it point out that it required time, money and resources, all in abundant quantities, to pull off.

Manufacturers also continue to work with tech experts to highlight potential bugs in the network, and fund research to establish better security systems for their wireless systems. 

It’s also worth pointing out that each manufacturer has its own data and computer systems in its vehicles that the hackers will need to overcome. Just because one car has been compromised by hackers it does not mean that all models are vulnerable to the same attack.

Which cars are most and least vulnerable to car hackers?

To account for this difference in computer systems across the car industry, Miller and Valasek tested 21 cars and found some of the most popular makes and models in the UK differ significantly in their cyber security. Some of the best and worst performing models are listed below…

Jeep Cherokee front cornering

Difficult cars to hack

  1. 2014 Audi A8
  2. 2014 Honda Accord
  3. 2010 Range Rover Sport

Easy cars to hack

  1. 2014 Jeep Cherokee
  2. 2014 Toyota Prius
  3. 2014 Infiniti Q50

Have you been a victim of electrionic car crime? Tell us about it in the comments section below...

Skip advert
Advertisement
Skip advert
Advertisement

Recommended

Car finance scandal: Supreme Court hearing could halve number of claimants
Finance contract, car key and calculator on desk

Car finance scandal: Supreme Court hearing could halve number of claimants

Scandal involving car finance commission could see motorists entitled to billions of pounds in payouts
News
19 Dec 2024
Dieselgate is back! Thousands of cars could be recalled as scandal returns
Emissions tests questioned

Dieselgate is back! Thousands of cars could be recalled as scandal returns

The DfT is currently investigating as many as 47 models across several brands that are suspected to use diesel defeat devices
News
14 Nov 2024
MoT failure rate is worse for vans than cars
MOT

MoT failure rate is worse for vans than cars

More than a third of light commercials failed their first MoT last year, new figures show
News
12 Nov 2024
Paris mayor says ‘non’ to through traffic with plans to fine drivers
Renault Zoe being driven in Paris

Paris mayor says ‘non’ to through traffic with plans to fine drivers

Drivers entering Paris city centre will have to prove residency or a valid destination to avoid a fine
News
5 Nov 2024

Most Popular

Driver whose towbar voided his insurance wins payout
Towbar

Driver whose towbar voided his insurance wins payout

Allianz tells Auto Express it was ‘right in principle’, but has agreed to cover the claim in full
News
20 Dec 2024
Car Deal of the Day: Vauxhall Grandland is simply stunning value at £145 a month
Vauxhall Grandland - main image

Car Deal of the Day: Vauxhall Grandland is simply stunning value at £145 a month

The outgoing Vauxhall Grandland is fine transport for all the family. It’s our Deal of the Day for 18 December
News
18 Dec 2024
New BMW 330e 2024 review: one of the best plug-in company cars you can buy
BMW 330e - front tracking

New BMW 330e 2024 review: one of the best plug-in company cars you can buy

The facelifted BMW 330e PHEV is a top business choice
Road tests
18 Dec 2024