The Most Hackable Cars On The Road

The MOST HACKABLE CARS on the Road The cars with the highest risk of digital threat tend to have the most features networked together, especially where radio or Wi-Fi networks can be connected to physical components of vehicles. KEY Vulnerabilities Systems Affected 8 2014 Jeep Cherokee Jeep Uconnect System O Navigation The Jeep Cherokee is the only vehicle to be recalled due to its potential hackability, with 1.4 million cars (various Dodge, Jeep, and Chrysler models) being voluntarily recalled in response to research finding that they were vulnerable. The company claims that there had been no known injuries related to hacking of vehicle systems. Wi-Fi 3 Bluetooth Adaptive Cruise Control Brakes Parking Engine Assistance Crash 2 Steering Mitigation Lane-departure Warning Systems X 2014 Infiniti Q50 Infiniti Cellular ll) Network Connection System 8) Bluetooth AM/FM/XM In 2013, Infiniti recalled their 2014 Q50 model due to a fault in its Direct Adaptive Steering software, which could potentially disable the power steering software when the engine compartment reached freezing temperatures. Radio Driver Adaptive Adaptive Cruise Control Remoteless Assistance Steering Key Entry 8 2015 Cadillac Escalade OnStar System The hackability of the 2015 Escalade, much like the Jeep Cherokee, is due to one big security flaw: it's that the car's apps, Bluetooth and Wi-Fi On 3) Bluetooth telematics are on the same network as the engine controls, steering, brakes, and tire pressure monitor system. Brakes Remoteless Key Entry 62 Steering 2014/2010 Toyota Prius In 2014, Toyota recalled an astounding 1.9 million Prius hybrids (more than half of all Prius cars ever sold) due to faulty software in the car's hybrid-control system. Safety Connect System Cellular Network Bluetooth AM/FM/XM Radio SoS Proprietary Radio Self-parking System Pre-Collision Systems Adaptive Cruise Control (2010 Prius) Steering Remoteless Brakes Key Entry X 2014 Ford Fusion In the beginning of 2015, Ford, GM and Toyota were sued because their vehicles' systems contained flaws that allowed hackers to control SYNC System O Navigation some of the cars' features from anywhere. Wi-Fi 3) Bluetooth Remoteless Proprietary Radio Cellular Key Entry Network Least Hackable Cars The least hackable cars contain the fewest computerized and networked components. That way, the vehicle's networks can't communicate with other physical components of the vehicle like the door locks, power steering, and sunroof. 2014 2014 2014 Audi A8 Dodge Viper Honda Accord Tesla Model S A recent conference in China hosted a hackathon, attempting to break into a Tesla Model S. The results: only one team was able to actually hack the vehicle, and, in doing so, able to operate the car's lights, horn, and sunroof. were only O How Far Away Can You be to Remotely Hack a Vehicle? Passive Anti-Theft (C) Radio data system: * Bluetooth: Sytem: 10 meters 100 meters 10 meters Smart key: 5-20 meters Wi-Fi: Anywhere with internet access How Is This Possible? It is estimated that there are between 20 and 70 computers within any given car system, each with its own specialized function and varying degrees of communication with other computers. Of the 21,000 vehicles stolen in London in 2013, it is estimated that 47% were subjected to some form of electronic hacking. The majority of these hacks involved using electronic devices to fool the vehicle's security systems into believing a key was present, which disables security systems. Luxury vehicles with keyless entry systems were the primary target of such attacks, with 16 such robberies reported each day in London. At this time, hacking vehicles to affect their physical components is extremely difficult. However, the implication of future hacking abilities has caused major concern in the industry and with consumers. How Do They Do It? Hacks that have been demonstrated typically occur in 3 stages: 1. Remote compromising of some communication system 2. Sending messages to cyber-physical components 3. Making the destination ECU perform some action What Can Be Affected? Telematics System A car's telematics system is used for notifying police in the event of a crash, remotely disabling a stolen vehicle, and offering diagnostic information. Hack Difficulty The Defense Companies like OnStar have improved their systems' security by implementing "White Lists" that limit the number of computers approved to connect their systems. It is the central point which most hackers are attempting to reach in order to control physical components of a vehicle. In August 2015 General Motors issued a By gaining access to this system, a hacker could disable a car's ignition system. patch to their OnStar vulnerability. The fix included a new version of their OnStar smartphone app, which can be used in hacking and infiltrating a GM vehicle's systems. MP3 Malware The Defense Malware downloaded via uncontrolled MP3S can work its way into the car's CAN Bus (controller-area-network) and control physical properties of Automakers are increasingly shielding entertainment systems from other networked components of vehicles. the car such as the brakes. The 2011 Chevy Volt and other new GM vehicles verify data using the same technology that retailers use to process credit cards. Unauthorized Apps As vehicle infotainment systems advance, automakers seek to expand their functionality through downloadable apps. Just like smartphones, this carries with it the potential for malware. The Defense Automakers are increasingly shielding entertainment systems from other networked components of vehicles. Automakers are extremely strict about what sorts of apps they allow their vehicles to download. Some automakers even run downloadable apps through remote servers in an effort to ensure that users do not accidentally install malware in their vehicle. OBD-II Hackers were able to demonstrate the possibility of writing a program and installing it into a vehicle directly by loading it onto a hard drive and plugging it into the OBD-Il port. Once installed, every system within the car could be controlled. </> The Defense The OBD-II is the system your mechanic uses to make diagnostic checks. This is somewhat harder to defend against, as encryption data in vehicles is a relatively recent development. This method provides direct access to the car's systems. Auto makers are now improving their encryption and implementing security measures such as digital signatures. Door Locks Power locking systems are connected to other systems in the car so that they can perform functions such as automatically locking when the car is put into drive, or automatically unlocking if the airbag deploys or the keys are accidentally locked in the car. Hack Difficulty If the locking mechanism can be breached, it can be X used to gain access to more connected systems such as OBS or The Defense Measures actively defending against this hack are relatively rare, such as Ford's use of one-way messaging systems between systems. infotainment. What Can Be Done? Most of the security for your automobile is controlled solely by the manufacturer. While automotive manufacturers have been slow to publicly admit to the dangers of their cars being hacked, recent high profile car hacks have refocused their efforts to be more transparent on the development of security features that protect their vehicles from hackers. What can consumers do to help protect our vehicles from being hacked? Protect your automobile by keeping it locked and secure at all times and make sure you don't leave infotainment and navigational user information accessible in your car, such as account information and/or passwords. Be aware of the wireless systems on your vehicle. Wireless systems provide an entry point into the vehicle. Make sure your vehicle has the most recent software security updates; this should be done at a reputable dealer. Use only known reputable dealers to work on your car. The person working on your car has complete access to the car's computerized system. PT&CLWG Forensic Consulting Services Sources http:/www.bbc.com/newstechnology-33650491 http:www.digitaltrends.com/cars/fca-responds-tojeep-cherokee-hack-issues-patch httpwwwbankrate.com/financelsutolimost-hackable-cars-10aspx http:/www.darkrending.com/vunerablities-thrents/advanced-threats/the-worlds-most-hackable-cars/didid129T753 httlpoo darkreading.com/vulnerabities -threats/advanced-threats/the-worlds-most-hackable-cars/dldid/1297753 maney.chi.coni2014/O8/Otechnologysecunitymosinackabe-cr http//www.betsboston.com/mews/2015/08/03/ater-car-hack-internet-of-hings-looks-skieu http://www.digitajournalcom/artidera57728 https/blog.caranddriver.com/tesla-model-s-hackathon-in-china-turms-up-nothing-more-sinister-than-parlor-tricks/ http:www.motors.co.uknews/securitylelectronic-car-thet-on-tne-rise http://www.gizmodo.co.uk/2015/02/cars-are-doomed--they-can-be-hacked-open-by-thieves/ http:www.scribd.comvdoc/236073351Survey-of-Remate-Attack-Surfaces http://www.digtajournalcom/ertide/357728 http://www.thefioridanewsjournal.com/2012m12/new-studies-show-smortphones-are-becoming-increasingly-hacked htp:www.extremetech.com/extreme/21483-gm-fes-reftxes-onstar-remotelink-hack hmpwww.caranddiveccom/features/can-your-car-be-hacked feature