They're hackable with physical access. But with physical access you can also snip a brake line, wire in a bomb, so much other stuff. They're basically unhackable over-the-air. (Source: did a bunch of research as a "security expert" when my company needed to release some official statements).
So it's good for disguising an "accident" but not really anything to worry about otherwise.
Here's the whitepaper on how it's been done. It took them a year of phyiscal access to come up with a solution that could theoretically be done entirely remotely, for one specific firmware version of car, resulting in an attack that takes hours in order to work. http://illmatics.com/Remote%20Car%20Hacking.pdf It's just absolutely not worth doing
I used to work in the automotive cyber industry. If your car has a connection to the internet - it can be hacked.
All you need is a way into the CAN bus. The CAN bus is the electrical cable(s) that controls basically everything in the car, including your windows, lights, gear, gear interlock, brakes, and gas.
Your entertainment system is connected to it (so for example, it can show the radio station on your dashboard). Meaning, you hack that (and its not hard), you pretty much control the entire car.
It's an old system from the 80s and has ZERO security measures. It's extremely easy to control a car through the internet given a connection.
It's decently easy if you have access to the canbus, yes. But getting remote access to the canbus is anything but "extremely easy"
You have to scan networks until the right vin pops up, rewrite the infotainment software to give you a backdoor into canbus, upload the new iso to the infotainment system, do more hacking to get the software to mount your iso to emulate a USB drive to bypass those security features, and then get through the entire update process while all the modems are disabled.
If it was extremely easy it wouldn't have taken the two specialists an entire year to pull off - with physical access. If it was extremely easy mossad would have hacked that nuclear specialists car instead of setting up a remote turret/carbomb. We would hack isis leaders cars instead of dronestriking them. If you still think it's easy I'll send you my vin and give you 10:1 odds on a friendly wager!
Because what it all comes down to is: Putting a few holes in the fuel line and brake line is 10,000x easier.
No, you don't need to rewrite the infotainment software. Most of those systems run some variation of android with security patches from like 2015. You can find easy exploits online right now. If you think that's the hard part I've got some news for you...
The hard part is actually locating and getting access to the system in the first place, not actually hacking it - considering the backdoor access alphabet agencies have.
Shouldn't be too hard though with the might of the US intelligence, especially if you use a SIM card for your internet connection...
They're hackable with physical access. But with physical access you can also snip a brake line, wire in a bomb, so much other stuff. They're basically unhackable over-the-air. (Source: did a bunch of research as a "security expert" when my company needed to release some official statements).
So it's good for disguising an "accident" but not really anything to worry about otherwise.
Here's the whitepaper on how it's been done. It took them a year of phyiscal access to come up with a solution that could theoretically be done entirely remotely, for one specific firmware version of car, resulting in an attack that takes hours in order to work. http://illmatics.com/Remote%20Car%20Hacking.pdf It's just absolutely not worth doing
Not true.
I used to work in the automotive cyber industry. If your car has a connection to the internet - it can be hacked.
All you need is a way into the CAN bus. The CAN bus is the electrical cable(s) that controls basically everything in the car, including your windows, lights, gear, gear interlock, brakes, and gas.
Your entertainment system is connected to it (so for example, it can show the radio station on your dashboard). Meaning, you hack that (and its not hard), you pretty much control the entire car.
It's an old system from the 80s and has ZERO security measures. It's extremely easy to control a car through the internet given a connection.
It's decently easy if you have access to the canbus, yes. But getting remote access to the canbus is anything but "extremely easy"
You have to scan networks until the right vin pops up, rewrite the infotainment software to give you a backdoor into canbus, upload the new iso to the infotainment system, do more hacking to get the software to mount your iso to emulate a USB drive to bypass those security features, and then get through the entire update process while all the modems are disabled.
If it was extremely easy it wouldn't have taken the two specialists an entire year to pull off - with physical access. If it was extremely easy mossad would have hacked that nuclear specialists car instead of setting up a remote turret/carbomb. We would hack isis leaders cars instead of dronestriking them. If you still think it's easy I'll send you my vin and give you 10:1 odds on a friendly wager!
Because what it all comes down to is: Putting a few holes in the fuel line and brake line is 10,000x easier.
No, you don't need to rewrite the infotainment software. Most of those systems run some variation of android with security patches from like 2015. You can find easy exploits online right now. If you think that's the hard part I've got some news for you...
The hard part is actually locating and getting access to the system in the first place, not actually hacking it - considering the backdoor access alphabet agencies have.
Shouldn't be too hard though with the might of the US intelligence, especially if you use a SIM card for your internet connection...