Vulnerabilities in connected cars could allow a malicious hacker to wreak havoc on our nation’s roadways, leading to large-scale injuries and death, according to Consumer Watchdog.
If it’s Connected it’s Vulnerable
That’s the general message we’ve been reporting for the past decade on this blog, and automobiles are no exception. Way back in 2015, researchers Miller and Valasek showed that they could take control of an unaltered 2014 Jeep Cherokee, affecting both the steering and braking systems. At this year’s Black Hat hacker conference, researchers from Keen Security Lab revealed details of vulnerabilities they found in late-model BMWs. Clearly automobiles remain vulnerable, and to make matters worse, there are far more connected cars today than there were back then.
CAN Bus Vulnerability
While someone hacking your car’s infotainment system to steal your personal information would be annoying and perhaps leave you in a bad mood, someone hacking your car’s CAN bus system could leave you injured or dead. Your car’s CAN bus system is akin to your body’s central nervous system. It controls all of the essential engine, braking, transmission, electrical, climate AND safety systems.
Comfort Might Kill You
So you might ask, “Why would an automaker connect something as critical as CAN bus to the Internet and create a vulnerability?” That’s a great question with a lot of possible answers, but one answer is that they do it on purpose to allow you, the end user, to have a more comfortable automotive experience! You see, that same creature feature that allows you to remotely start your car from your smartphone and dial down the AC so you can hop into a pre-cooled car is just one example of how CAN bus systems become connected to the Internet. Unfortunately, there are many, many more examples that affect vehicles of all shapes, sizes and price points, so driving a budget box doesn’t necessarily mean that your car is not vulnerable!
According to Consumer Watchdog, a concerted large-scale attack could unfold along this troubling schedule:
- 19 million cars on the roads at rush hour
- 75 million cars potentially hacked at once
- 262,500 cars actively being driven at the time of attack
- 134,400 projected injuries from attack
- 3,000 projected fatalities
It takes little imagination to envision what a complete mess the roadways would be with that many disabled vehicles clogging the roads. Emergency response would be crippled and life-saving aid delayed.
Kill Switch – The Recommended Short-Term Fix
The Consumer Watchdog report concludes that the simplest and least expensive “quick fix” to these vulnerabilities is a “kill switch”. This $0.50 switch would allow the consumer to create an air gap between all remotely accessible components and the CAN bus system. Of course, unless these switches could somehow suddenly be installed on all the existing vulnerable automobiles on the road, it isn’t really a viable solution. A simpler and even less expensive approach, they argue, would be to remove all vehicles from the cellular network. Of course, that would disable a host of features that many consumers enjoy and rely upon, and that automakers advertise and market to make their cars more attractive. Chances are neither of these recommendations is ever going to happen.