Vulnerabilities / Threats // Advanced Threats
8/2/2014
08:30 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

The World's Most Hackable Cars

Researchers find 2014 models of Dodge Viper, Audi A8, Honda Accord are the least likely to be hit by hackers.

Updated on 8/4/2014 with Chrysler comments

If you drive a 2014 Jeep Cherokee, a 2014 Infiniti Q50, or a 2015 Escalade, your car not only has state-of-the-art network-connected functions and automated features, but it's also the most likely to get hacked.

That's what renowned researchers Charlie Miller and Chris Valasek concluded in their newest study of vulnerabilities in modern automobiles, which they will present Wednesday at Black Hat USA in Las Vegas. The researchers focused on the potential for remote attacks, where a nefarious hacker could access the car's network from afar -- breaking into its wireless-enabled radio, for instance, and issuing commands to the car's steering or other automated driving feature.

The researchers studied in-depth the automated and networked functionality in modern vehicle models, analyzing how an attacker could potentially access a car's Bluetooth, telematics, or on-board phone app, for example, and using that access to then control the car's physical features, such as automated parking, steering, and braking. Some attacks would require the attacker to be within a few meters of the targeted car, but telematics-borne attacks could occur from much farther away, the researchers say.

Not surprisingly, the vehicles with fewer computerized and networked functions were less likely to get attacked by a hacker. "The most hackable cars had the most [computerized] features and were all on the same network and could all talk to each other," says Miller, who is a security engineer at Twitter. "The least hackable ones had [fewer] features, and [the features] were segmented, so the radio couldn't talk to the brakes," for example.

The 2014 Infiniti Q50 would be the easiest of all to hack because its telematics, Bluetooth, and radio functions all run on the same network as the car's engine and braking systems, for instance, making it easier for an attacker to gain control of the car's computerized physical operations.

Different vehicles had different network configurations: Some had Bluetooth on a separate network than the steering and acceleration systems.

The researchers say the 2014 Dodge Viper, the 2014 Audi A8, and the 2014 Honda Accord are the least hackable vehicles. They ranked the Audi A8 as the least hackable overall because its network-accessible potential attack surfaces are separated from the car's physical components such as steering, notes Miller. "Each feature of the car is separated on a different network and connected by a gateway," he says. "The wirelessly connected computers are on a separate network than the steering, which makes us believe that this car is harder to hack to gain control over" its features.

By contrast, the 2014 Jeep Cherokee runs the "cyber physical" features and remote access functions on the same network, Valasek notes. "We can't say for sure we can hack the Jeep and not the Audi, but… the radio can always talk to the brakes," and in the Jeep Cherokee, those two are on the same network, he says.

Update: A Chrylser spokesperson told Dark Reading its vehicles come with security features already, and the company is working on new security features as well. "Chrysler Group takes seriously the issue of cyber security. Our vehicles are equipped with security systems to help minimize the risk from real-world threats and we have multiple engineering teams dedicated to developing new security features," the spokesperson said in a statement.

"Chrysler Group will endeavor to verify these claims and, if warranted, we will remediate them. However, we support the responsible disclosure protocol for addressing cyber security threats. Accordingly, we invite security specialists to first share with us their findings so we might achieve a cooperative resolution. To do otherwise would benefit only those with malicious intent," he said.

Worries over the cyber security of cars is gaining traction ever since Miller and Valasek's 2013 DEF CON car-hacking research, where the pair demonstrated how they were able to hack and take control of the electronic smart steering, braking, acceleration, engine, and other functions of a 2010 Toyota Prius and 2010 Ford Escape. That research focused on what a bad guy could do if he could get inside the car's internal network, and the researchers physically test-drove the hacks they discovered.

While the pair didn't get much response from Ford and Toyota after providing the carmakers with detailed documentation of their findings, the automobile industry meanwhile appears to be waking up to the potential cyber risks to cars: The Alliance of Automobile Manufacturers and the Association of Global Automakers last month announced plans to address growing concerns over security weaknesses and vulnerabilities in new and evolving vehicle automation and networking features. The industry is now forming a voluntary mechanism for sharing intelligence on security threats and vulnerabilities in car electronics and in-vehicle data networks -- likely via an Auto-ISAC (Information Sharing and Analysis Center).

[Researchers who hacked Toyota Prius and Ford Escape hope to foster a future "car-in-a-box" model for tinkering with vehicle security issues. Read Car Hackers Release Tools.]

IPS "under the hood"
Meantime, there are ways to potentially lock down these advanced features in today's modern vehicles. Miller and Valasek have built a prototype device that detects and stops a cyber attack. They describe it as a sort of intrusion prevention system (IPS) inside a car that would detect that an attacker that had broken into the car's networked radio, and stop him from sending the braking system a message to lock up, for example.

"It's a device you could plug into the car to stop any of the attacks we've done and that others have done," says Valasek, who is director of security intelligence for IOActive.

The researchers in their Black Hat presentation will show video clips of the prototype and how it can stop an attacker. The device basically plugs into a vehicle's diagnostic port.

"It's mostly about an algorithm that detects attacks and prevents them," Miller says. "You could put it under the hood."

Miller and Valasek say their work studying security weaknesses in vehicles is an attempt to get ahead of the threat: The risk of your car getting hacked today is relatively low. And it doesn't mean you shouldn't buy a car loaded with technology, they say. "This is really an opportunistic attack," Valasek says. "It takes a lot of time, effort, dedication, and money to figure out how to perform one of these attacks and to succeed doing it. Joe Consumer doesn't have to worry, but if you're a high-profile person with a lot of technology in your vehicle, it's something to consider."

They say they are conducting this research now ahead of the game and before it gets easier for attackers to exploit these car network and automation features -- a window that they think could close in the next five years.

The researchers -- who at Black Hat will provide more details of their findings and release their paper on them -- have provided carmakers the report. They're hoping the car companies will take the threat seriously and offer ways to lock down weaknesses and vulnerabilities as well as technology to detect and deflect an attack.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
BradleyMace
50%
50%
BradleyMace,
User Rank: Apprentice
8/23/2014 | 9:32:35 AM
Car hack
Nice blog.Car hack is one of the common robery in many cities. Most of the people are sailing fraud cars by creating duplicate documents. So the user must do more verification on the car as well as on the documents. By doing this only he may skip away from fraudulent activities. There should be some proper legal arrangement by the Govt which will act as hurdlle for the hackers.

 
mark26
50%
50%
mark26,
User Rank: Apprentice
8/20/2014 | 7:50:14 AM
Car Hack
There are different crimes in New Work City based on car theft, car hacking etc. The article says now Audi 8, BMW; Mercedes etc are hacked by Black Hat people. The issue is very big & critical as it is not safety for car users. There are many features in latest cars but there is no guarantee of safety to cars. These hackers can anywhere hack a car sitting outside home.

Mercedes Benz Used Walpole, MA
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/10/2014 | 9:07:27 AM
Re: Security Overlooked
After working with many different medical device manufacturers, I have to say that I agree.  Most of these companies have never even considered security in their design process or do not understand it.  For example, one infusion pump company that I have worked with sent all of their data unencrypted over wifi, accepted all their commands unencrypted and had a hard set admin password.  After confronting the company over these matters their response was, "These are areas we do not see as a priority to change at this time."

Hopefully, the automobile industry will take security seriously so we can avoid any major issues, but I have my doubts.
RickDelgado
50%
50%
RickDelgado,
User Rank: Apprentice
8/7/2014 | 7:03:30 PM
Security Overlooked
This is a good reminder of how important security will be for IoT. While those of us who are concerned about these connected devices can certainly avoid them (for now), a big concern should be all of the connected medical devices that lack any form of security.
ShaunR512
50%
50%
ShaunR512,
User Rank: Apprentice
8/6/2014 | 12:41:09 PM
Re: Stupid
same reason the put critical ifastructure on a networt......their stupid as hell
sandkiwi
50%
50%
sandkiwi,
User Rank: Apprentice
8/6/2014 | 11:15:06 AM
Stupid
Why the hell does a car's brakes and steering need to be networked. Sounds pretty ludicrous that the radio can talk to the brakes. Just wait till driverless cars come in, then we'll see some real problems. I think we're becoming to smart, and lazy, for our own good.
Pezzle
50%
50%
Pezzle,
User Rank: Apprentice
8/6/2014 | 10:51:33 AM
Re: Chrysler responds
Surely the most simplest/obvious threat is the most important to stop. No access into the network, no control of the controllers on the network and also, and as already mentioned, segregate the network(s).
LUFU
50%
50%
LUFU,
User Rank: Apprentice
8/5/2014 | 6:13:52 PM
Buckle up
I note while the Jeep, Infiniti, and Escalade made the top list for the most "hackable" they couldn't crack IIHS' top list for safety. First, the autos are the safest vehicles out there which makes them even more dangerous when a hacker takes charge and steers the car for you.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/5/2014 | 3:21:49 PM
Re: How about TVs?
I'm glad that smart peope are on top of these new treats from all the mundane "things" in our life that we take for granted. But they have their work cut out for them. There are orders of  magnitude more "things" in the IoTs than in the just plain internet we are used it!
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/5/2014 | 3:02:15 PM
Re: How about TVs?
What the car hacking, medical device and upcoming TSA system and satellite hacking research show is the the potential for public safety to be compromised as well. That is the scariest part. The good news is the good guys are trying to find these vulns before the bad guys do.
Page 1 / 3   >   >>
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.