Dezeen Magazine

Driving car

Connected cars face hacking threat thanks to wireless safety features

News: hackers could exploit wireless and internet-based technologies already being used in new car designs to take control of vehicles – creating the potential for a "terrorist-type threat".

Edmund King, president of British motoring group The AA, has warned that fitting cars with internet connections and wireless networks could provide hackers with an easy-access route to control braking, steering and acceleration, as well as personal information.

"You’re getting cars that are connected to the internet 24 hours a day. If cybercriminals targeted automobiles like they’re targeting other things we'd be in for a hard and fast ride," King told British newspaper The Times.

"The more cars rely on technology, particularly remote technology, the more there is to get at," he said. "Ultimately there could be a terrorist-type threat to transport systems. I don't think we're there yet but it is something that needs to be addressed."

His comments come in the wake of a number of demonstrations that have shown how individuals can take control of a car's system through its Controller Area Network (CAN) – the name given to the car's internal computer – via bluetooth or wireless networks.

The CAN is used to provide safety systems like cruise control and auto piloting as well as assisted braking and steering, guided parking, central locking, airbag deployment and a range of other features. In some models it also powers the car's in-built GPS.

Many of these systems form the base technology for driverless vehicles, which rely on wireless internet location services to navigate roads. Mobile apps that synchronise with data stored by the car could be another point of weakness.

A number of car brands have recently released models that rely heavily on wireless and GPS technologies for some of their core functionality, including Tesla's Model SD electric car, which could be "summoned" by owners to pick them up autonomously using the company's new Autopilot function.

Earlier this year, two Spanish security experts created a $20 (£12.80) CAN hacking tool that uses a $1 (£0.64) computer chip to bypass any encryptions of the car's software, allowing it to read and write data from the computer's memory.

Once installed the device can be controlled remotely, giving an individual access to functions like braking, alarms and airbags.

In May, Vice magazine posted a video showing how a car could be hacked into wirelessly using a laptop, including a first-hand demonstration from information security researcher Mathew Solnik.

In 2013, Charlie Miller and Chris Valasek, a security engineer at Twitter and a director of security intelligence at the Seattle consultancy IOActive respectively, demonstrated the results of a year's worth of Pentagon-funded research into security vulnerabilities in cars by hacking a Ford Escape and a Toyota Prius.

But their hacks relied on physical access to each car's systems. John Hanson, safety manage for Toyota, told Forbes that wireless hacking was a more serious risk.

"Our focus, and that of the entire auto industry, is to prevent hacking from a remote wireless device outside of the vehicle," he said.  "We believe our systems are robust and secure."