You’re driving down the highway and all of a sudden your car stops. There’s no engine trouble, there’s no noise, no smoke. Your car just slows down and then… stops. Everyone around you is honking and flipping you off as they pass you. Meanwhile, miles away, someone on a computer is controlling your car over the internet. Your car has been hacked.
This is the situation that WIRED writer Andy Greenberg found himself in last year, except that he was involved in a controlled experiment with hackers Charlie Miller and Chris Valasek. Miller and Valasek were taking advantage of Chrysler’s Uconnect feature, which adds smartphone-like features to their vehicles. And, as Greenberg put it, "Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country."
"More vehicle hacking entry points exist now than ever before," says Karl Brauer, a senior analyst for Kelley Blue Book. Car manufacturers are rushing to include new features that rely on an always-on internet connection, either through built-in antenna or through a connection with your smartphone. And it really is a rush — car manufacturers have admitted that it will take three years before these features are secure from hacking efforts.
Anujah Sonalker, vice president of engineering and operations at TowerSec, told Autoblog that the smartphone connection may be key to understanding why someone would want to hack your car. "Now that motorists are connecting their cell phones to cars, hackers may target financial information hoping for a monetary reward."
However, many hackers would likely target anyone in an attempt to either hurt them or scare them. Consider the practice of doxing — researching someone’s personally identifiable information, such as an address, and publicly broadcasting it. Those people can then be targeted with harassment, such as swatting (sending a SWAT team to someone’s house by sending in a false report), or threatening messages. To assume that hackers are only interested in financial gain is to ignore the entire history of internet harassment.
But how likely are you to be a victim of car hacking?
First, it’s important to remember that most vehicles on the road are not internet-connected in any way. The average vehicle in America is over eleven years old. But now that the economy is recovering for many middle-class Americans and gas prices are at a low, there may be more new, internet-connected cars sold in the next few years. Generally speaking, however, unless you bought a car in the last few years, you probably have nothing to worry about — for now.
Second, and maybe more important, is that you also need to know that the attacks written about in WIRED and other outlets are limited. In the case of Miller and Valasek, they had worked on the hack for nearly a year before they got it to work. Other hacks take advantage of security holes that have already been fixed. They may also require physical access to the car in question. They’re also not being performed by evil hackers — Miller, Valasek, and other hackers you may hear about are researchers who are testing the limits of connected-car security. They are, in other words, the good guys.
Car security is a big deal, and as more of these internet-connected cars get on the road, and as more of them get autonomous driving features, being able to protect your car from hooligans and hard criminals alike will become a matter of life and death. In the meantime, however, you shouldn’t worry about it. If you have to worry about car safety, focus instead on drunk drivers — they’re still responsible for over 70% of fatal car accidents.
Image: Nam-ho Park