The 20 most hackable CARS revealed: Report lists the smart vehicles that are most at risk of having their systems hijacked


comments

Security experts have warned for months that smart cars are vulnerable to hackers, and now a pair of researchers has revealed the specific vehicles that are at the greatest risk.

Chris Valasek and Charlie Miller studied the schematics for a range of cars from the 2006 Range Rover Sport to this year's BMW 3 Series.

The 2014 Jeep Cherokee and 2015 Cadillac Escalade were the most vulnerable of the cars studied, while the 2006 Ford Fusion and 2010 Range Rover Sport were listed as two of the most secure.

Security experts have been warning for months that cars are vulnerable to attack from hackers, and now a pair of researchers has revealed which vehicles are the most at risk. According to the report, the 2014 Jeep Cherokee (pictured) and 2015 Cadillac Escalade were the most vulnerable of the cars studied

Security experts have been warning for months that cars are vulnerable to attack from hackers, and now a pair of researchers has revealed which vehicles are the most at risk. According to the report, the 2014 Jeep Cherokee (pictured) and 2015 Cadillac Escalade were the most vulnerable of the cars studied

Mr Miller is a security engineer at Twitter, and Mr Valasek is director of Security Intelligence at IOActive.

Other cars that performed poorly in their tests were the 2010 and 2014 Toyota Prius, as well as the 2014 Infiniti Q50.

The report has been shared with the Department of Transportation and industry group, the Society of Automobile Engineers.

 

Each car was rated under three categories – attack surface, network architecture and cyber physical.

A car's wireless 'attack surface' includes the range of features that can be hacked, including Bluetooth, Wi-Fi, mobile network connections, key fobs, and tyre pressure monitoring systems.

TABLE KEY
TABLE TITLE
CAR ATTACK SURFACE NETWORK ARCHITECTURE CYBER PHYSICAL
2014 Jeep Cherokee ++ ++ ++
2015 Cadillac Escalade ++ + +
2014 Ford Fusion ++ - ++
2014 Dodge Ram 3500 ++ ++ --
2014 BMW X3 ++ -- ++
2014 Chrysler 300 ++ - ++
2014 Range Rover Evoque ++ - ++
2014 Toyota Prius + + ++
2010 Toyota Prius + + ++
2014 Infiniti Q50 ++ + +
2014 Audi A8 ++ -- +
2010 Infiniti G37 - ++ +
2014 BMW 3 Series ++ -- +
2014 BMW i12 ++ -- +
2014 Dodge Viper ++ - --
2014 Honda Accord LX - + +
2010 Range Rover Sport - -- -
2006 Range Rover Sport - -- -
2006 Toyota Prius - -- --
2006 Ford Fusion -- -- --
*A '+' sign means a car is 'more hackable', and a '-'sign represents a 'less hackable' vehicle.*

A car's wireless 'attack surface' includes the range of features that could be hacked, including Bluetooth, Wi-Fi, mobile network connections, key fobs, and tyre pressure monitoring systems.

The network architecture includes how much access these features give to the vehicle's critical systems, such as the horn, the steering and brakes.

Cyber physical relates to capabilities such as automated braking and parking sensors that could be controlled using wireless commands.

The network architecture includes how much access these features give to a vehicle's critical systems, such as the horn, the steering and brakes.

Cyber physical relates to capabilities such as automated braking and parking sensors that can be controlled using wireless commands.

'Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks,' said Mr Valasek and Mr Miller.

The 2006 Ford Fusion (pictured) and the 2006 and 2010 Range Rover Sport were listed as two of the most secure vehicles studied

The 2006 Ford Fusion (pictured) and the 2006 and 2010 Range Rover Sport were listed as two of the most secure vehicles studied

'A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes.

'Unfortunately, research has only been presented on three or four particular vehicles.

'Each manufacturer designs their fleets differently; therefore analysis of remote threats must avoid generalities.

'[Our research] takes a step back and examines the automotive network of a large number of different manufacturers from a security perspective.

The results were published in a 92-page report presented at the Black Hat conference in Las Vegas.

Mr Miller and Mr Valasek were the same researchers who demonstrated hacking a Toyota Prius and a Ford Escape last year.

Each car was rated for attack surface, network architecture and cyber physical. A car¿s ¿attack surface¿ includes features that can be hacked. Network architecture includes how much access these features give to steering and brakes. Cyber physical covers automated functions. The 2015 Cadillac Escalade is pictured

Each car was rated for attack surface, network architecture and cyber physical. A car's 'attack surface' includes features that can be hacked. Network architecture includes how much access these features give to steering and brakes. Cyber physical covers automated functions. The 2015 Cadillac Escalade is pictured

Using a laptop wirelessly connected to the car's electronics, they were able to remotely control the brakes, the accelerator, change the speedometer, switch the headlights on and off, tighten the seatbelts and even blast the horn.

The project was funded by a grant from the U.S Defense Advanced Research Projects Agency to highlight the security risks affecting modern-day cars.

Infinity told Wired that the researchers didn't physically hack the car, but said it is looking into the claims. This was also true for Chrysler.

MailOnline has contacted the other manufacturers mentioned for their view on the findings.

 



IFTTT

Put the internet to work for you.

Turn off or edit this Recipe

0 comments:

Post a Comment