Car Hacking - The Brave New World Of Digital Driving
By Martha Hindes
The Auto Channel
You just checked your computer and your anti-virus protection is good to go. Same for your tablet and smartphone. No one is going to mess up your day by hacking into your personal information. You made sure of that.
You go out to your car, chuck your briefcase onto the passenger seat or strap your three-year-old into an industry standard car seat and you're ready to go, feeling safe and secure. Life is good.
But wait! Your infotainment system is beckoning as you shift into drive. It probably never occurred to you that underneath that 8-inch touch screen, those apps that can connect your phone and tablet, that can churn out the latest Taylor Swift anti-boyfriend diatribe or quick banking function that lets you skip the drive-through line at your local credit union is a nasty little bandit quietly waiting to wreck havoc. And that havoc includes potential danger on what should be a casual drive or quick trip for a business meeting.
We've all become pretty accustomed for the need to protect our electronic devices. But few drivers realize that probably the most sophisticated and complex device of all has four wheels, a steering wheel – at least for the present – and can get you from here to there without being beamed up by some future-tech scrambler that will reassemble your molecules in pristine order at your destination.
Car hacking, as it's increasingly called, is an emerging state-of-the-art threat that can make a computer phishing scam seem like child's play. So where does that leave you?
According to a recently released car hackers bible, “The Car Hacker's Handbook, A guide for the Penetration Tester,” by Craig Smith (no starch press), problems with someone trying to invade your vehicle's computers and software isn't exactly in its infancy. But it's young enough and new enough that even auto makers that should be on top of the threat still are learning their way around the problem.
The handbook (actually an updated and expanded version of one that originally broke ground in 2014) is – as the subtitle suggests – a “how to” to attack your car (or someone else's), a rather disconcerting statement once vulnerabilities start to emerge. It tells in great technical detail how to find out what are the easiest and most difficult access points to try to get through – what it calls a vehicle's “attack surface,” referring to what you can access when you get in, and what you can change when you do get into the electronic innards.
Despite the implication, it's not designed for someone with criminal intent. Rather, it is meant to point out what can be victimized in a brave new electronic driving world that is changing in complexity by the millisecond, how to recognize and monitor your own vehicle's soft points if you have the chutzpah to play around with monitoring equipment, and why the need to establish safeguards is so great.
The handbook starts out by identifying those under belly points that could let a nasty neighbor, a crime syndicate or errant quasi governmental bad guy probe into your personal safety zone.
First, starting outside, what signals are set to get into your vehicle? Radio waves? Key fobs? Distance sensors? Does it have a physical keypad, touch or motion sensors? If it's electric, how is it charged?
Once inside, the access points become more overlapping. What are the audio input options? CD? USB? Bluetooth? (Aren't those some leading edge amenities that made you want to buy your car, SUV or truck in the first place?) Check out the diagnostic ports that can let a mechanic monitor trouble spots without pulling apart your entire engine or transmission to find them. Don't ignore what you can do with the functions on your dashboard – GPS, Bluetooth, Internet access.
Data that's entering your vehicle can become malicious if someone has that intent. (Recall the Jeep controls overtaken electronically during a car hacking demo a year ago that drove the vehicle into a ditch?) But it also can be an electronic glitch with enough of an error to begin to create a problem somewhere inside.
Before you bought your vehicle, the company that designed and built it should have made a map of potential attack points that need to be protected against as part of the vehicle development process. These can include how the vehicle's computer systems talk back and forth with each other. This map should let the auto maker know what to keep watch on as a car or truck lives out its days on the road. And those soft points aren't static. They can evolve and change during that model's life cycle.
The rapid trend toward automated or even driverless vehicles makes such potential threats even more serious. Smith cites the importance of having individuals as well as auto makers continually check and test their vehicles. Those who are tech savvy and discover vulnerabilities are helping attack the problem and can aid auto makers and suppliers in addressing the issues early on while they more easily can be contained or eliminated. He also cites the importance of public awareness that can pressure both manufacturers and safety agencies into developing safeguards and standards designed to keep ahead of the threat.
And these really are only the early steps in a very long haul issue.
After all, Robert N. Charette, author of “This Car Runs on Code” has cited a standing joke among Toyota engineers – who develop at a minimum the 100 micro processors, five miles of wiring, 50 control units and 100 million miles of code that go into a single vehicle.
The only reason they put wheels on a car, they said, is to keep the computer from scraping the ground.