Before advanced technology, breaking into cars meant busting windows or using hangers to unlock doors through a cracked window. However, times have changed and thieves have adapted, thanks to the technology that has been installed in cars throughout the years. Many cars are equipped with wireless connectivity through Bluetooth or Wi-Fi that allow communication through mobile devices. This smart technology makes the car vulnerable to hacking. Through a smart phone or laptop, hackers can access anything from the brakes to the ignition to the car door locks. Cars like the Fiat Chrysler, SUVs and trucks feature a Uconnect dashboard, an Internet-connected program located inside the car that controls the vehicle’s entertainment, GPS, phone usage and Wi-Fi hotspot. Through Uconnect, the car’s IP address can be obtained. In July, two hackers, Charlie Miller and Chris Vasalek, demonstrated just how easy it is to take over a vehicle. Wired Magazine reporter Andy Greenberg joined in on the demonstration. While Greenburg drove a 2014 Jeep Cherokee down the road at 70 miles per hour, the hackers were able break through the system and run the Jeep’s air conditioning, windshield wipers, brakes, steering, and even the radio all through a laptop. The hackers were able to do this from 10 miles away. Miller and Vasalek later discovered they could also see where a vehicle was located by using GPS coordinates, along with the vehicle’s identification number, make, model and IP address- all found through Uconnect. This demonstration sparked a nation-wide inspiration to make cars more secure. Two days after the demonstration made by Miller and Vasalek in July, Fiat-Chrysler recalled 1.4 million cars in the United States in July due to the ease-of-access of hackers. The latest model of Ram, Jeep, Dodge and Chrysler vehicles were all affected and all featured Uconnect screens. The 2013-2015 Dodge Viper, Ram 1500/2500/3500/2500/550; 2014-2015 Jeep Cherokee, Grand Cherokee, Dodge Durango, 2015 Chrysler 200, 300; Dodge Charger and Dodge Challenger were all of the vehicles recalled. Chrysler issued the recall in order to repair the software vulnerability of all of these vehicles. In August, three Jeep owners filed a complaint against Fiat-Chrysler and Harman International, the maker of Uconnect program. GM, Ford and Toyota were also all struck in March with lawsuits regarding the cybersecurity scandals.
Fortunately, the Senate also took action against car-hacking the same week of the hacking demonstration and introduced a new Senate bill that seeks to set federal standards on cybersecurity in cars. Two congressional committees are reviewing the issue as well. Miller and Vasalek spoke at the Black Hat security conference in Las Vegas almost a year ago and presented results of an analysis done on dozens of different car makes and models that accessed each vehicle’s level of vulnerability. It was reported that the top three cars most hackable were the 2014 Infiniti Q50, 2014 Jeep Cherokee and 2015 Cadillac Escalade. The analysis based each car on three factors: wireless attack service (Bluetooth, Wi-Fi, cellular network, keyless entry, etc.), network architecture and cyberphysical features such as automated braking or parking. Luckily, Miller and Vasalek had no bad intentions but instead wanted to work to show to public just how simple it is to control a vehicle through a laptop or cell phone. They are working with Chrysler to prevent hacking in the future. At the 2015 Def Con conference in Las Vegas in August, Miller and Vasalek revealed that they would be releasing a 101-paged document of their findings in order to help automobile companies have a better understanding on how to take preventative measures. There have also been different types of car hacking implemented throughout the country. There have even been reports of thieves using high-tech electronic devices to break through cars that have keyless-entries. In March of this year, a West Seattle man fell victim to this trick. A surveillance vidoe shows that the criminal tries to get into the man’s car, but the doors are locked. Moments later, he takes off his backpack and moves it close to the window; he is able to get inside after doing this, according to Q13 Fox News. While fortunately the thief did not steal anything, this raised awareness about all of the different forms of car hacking that are out there.
In August, Samy Kamkar, a security researcher, posted a video on YouTube showing how, through a smartphone app he calls “OwnStar,” he was able to unlock, start and track a GM vehicle due to a software flaw in OnStar. Access to the vehicle through the device requires the hacker to be near someone who has their OnStar app open. Kamkar presented his findings at the 2015 Def Con hacking conference and agreed to work with GM to prevent car-hacking. However, GM was already aware that cars could be hacked and took nearly five years to fully protect its vehicles. A group of researchers performed a similar hack like the Jeep hack, but they failed to report the name of the car they hacked, now known as a 2009 GM Chevy Impala. Since then, however, GM has been pushing customers to update their GM vehicles as to prevent any breach in the software. Recently, Johnathan Petit, a scientist at Security Innovation, revealed through his research that, by using a setup just costing $60, he was able to hack a self-driving car. Petit used a laser-like device and was able to create fake objects that omitted fake echoes to mimic a car, wall or fake pedestrian from up to 100 meters away. Petit was able to target the car from front, side and even behind by using a laser system. He could even cause his fake objects to move.
Petit made an inference that, by using this technology, hackers could be able to confuse a self-driving car and cause it to “think” there was an object directly ahead of it, thus forcing it to stop, according to www.spectrum.ieee.org. Petit also predicted that the self-driving car could become so overwhelmed by the laser signals and become so afraid of hitting something that it would not move at all. Intel announced that they would implement a task force called the Intel’s Automotive Security Review Board (ASRB) to prevent car hackers from accessing vehicles with services like Google’s Android Auto and Apple’s CarPlay. ASRB will be made up of security experts from across the board. With all the technology installed in cars today, we are literally driving metal computers, and, like a computer, a car can be infiltrated through its technological system. It’s only a matter of time when the next form of car-hacking is revealed.