Car hacking – are one-third of thefts ‘electronic hacks’? by Rob Waugh
The UK government is to work with car manufacturers to prevent hackers using electronic means to break into increasingly hi-tech vehicles in Britain, after a spate of ‘car hacking’ in London, Computer World reports.
In a speech to independent think tank Reform, Home Secretary Theresa May said that thieves were using “sophisticated devices” to grab car key codes, and driving away in less than 10 seconds without using force, according to the Daily Mail.
The report claimed that “hackers” were behind a third of card thefts in London.
At the Black Hat security conference this summer two researchers launched a petition to change how car companies and technology companies work together. “We request that you unite with us in a joint commitment to safety between the automotive and cyber security industries,” the researchers said via Change.org.
Car hacking: A real risk?
In her speech to Reform, May said, “There have been reports that they could even use ‘malware’ to commandeer vehicle systems via satellites and issue remote demands to unlock doors, disable alarms and start car engines.”
“Because we have this understanding, we can now work with industry to improve electronic resilience, include this kind of resilience in the vehicle’s overall security ratings, and work out the extent to which the same threat applies to other physical assets such as building security systems.”
May’s speech echoes a series of presentations by security researchers which warn that as cars become increasingly ‘connected’, with up to 200 control units each, hacking such vehicles becomes easy.
Two researchers have concluded that this will become even easier once web browsers in cars become more common.
Hackers behind ‘third’ of crimes
Earlier this summer, a group of Chinese researchers showed off a hack which could open the doors on a Tesla S while in motion, as well as controlling other vehicle systems – and the car’s control panel, thought to run a modified version of Firefox, was claimed to be behind the hack.
Charlie Miller and Chris Valasek in their paper A Survey of Remote Automotive Attack Surfacesconclude that the danger of “hackable” cars is expanding – but is about to grow rapidly, as web browsers are added to cars.
“Once you add a web browser to a car, it’s open. I may not be able to write a Bluetooth exploit, but I know I can exploit web browsers.”
Last year a U.S senator urged auto manufacturers to change – and his open letter ignited a spate of commentary, with Market Oracle describing the crime as “cyberjacking”, and pointing out that the average family car contains 100 million lines of computer code, and that software can account for up to 40% of the cost of the vehicle, according to researchers at the University of Wisconsin-Madison.
On the researchers’ page, I am the Cavalry, they say, “Modern cars are computers on wheels and are increasingly connected and controlled by software. Dependence on technology in vehicles has grown faster than effective means to secure it.”