Connected Car Hacking, More FUD than Reality

Liz Slocum Jensen · January 28, 2015

Connected Car Hacking, More FUD than Reality Image

The connected car is hackable but it is difficult. This has been proven by several research-based projects involving people with a lot more expertise, time, and resources than the average programmer has. The photo above is recent real-life proof. I was at a car hackathon and the keys were locked inside one of the demonstration cars. In a room full of people tasked with hacking a car, no one was able to open the car remotely. Instead, the event organizers ended up calling a roadside assistance service to force the car door open. Usually, the best way to compromise a car is the old fashioned way.

Still, whenever I tell someone that I work in connected cars, there is a consistent fearful reaction of cars getting hacked. Protecting yourself against security compromises is mostly about risk management. You can read the original full text of my OS Delivers guest blog post Managing the Risks of Connected Car Security here, but I broke down that major points and actionable items below:

3 Major Motives of Hacking

There are three main motivations for hackers: challenge, profit, activism. Take note that the scariest cars hacks were by the best security experts in this field engaged in long term studies.

1. Challenge/Research

Most notable car hacks fall under this category. In these cases, security experts were given grant money to find security vulnerabilities. Over a year or so, these experts were able to take control of the car as long as they also had physical access to the car to install additional hardware.

2. Financial Gain

One of the more famous recent profit-motivated hacks was the compromise of 56 million credit cards of Home Depot customers. Some hacks in this category are straight-forward access to financial records. In other cases, the goal is to leverage the processing power of the user’s computer. Usually, the end user does not even know that the computer has been turned into a “zombie” except for the occasional slowdown in performance. There has yet to be a noteworthy car-related hack that was motivated by financial gain.

3. Activism

Activist-motivated attacks, also known as hacktivism, promote a political agenda; usually free-speech, human rights, or information technology ethics. The car is not an ideal platform is not an ideal platform for hacktivism because it lacks constant connectivity over high bandwidth and persistent electricity.

Security is about risk mitigation and management. As consumers and software developers, we should all take the following basic precautions.

What consumers can do

What developers can do

Still, as an informed and vigilant user, I look forward to bringing the car into my connected lifestyle safely.

Road Rules is getting ready to launch its app that will help automate tasks while you drive. Sign up to be one of the first to try it out!

Photo by Liz Slocum Jensen. Used with permission.

Sign up for beta access

We're looking for early adopters. Sign up and we'll send you an invitation as soon as we launch beta.