(Cyberwar.news) The Government Accountability Office has just released a rather sobering report that should concern all drivers of new- and late-model automobiles: As more of them become part of the “Internet of things,” they are more at risk of being hijacked by hackers while in operation.
As reported by The Washington Post, the GAO study, “Vehicle Cybersecurity,” found that computerization in newer vehicles makes them safer and more fun to drive, but also puts them more at risk of entry by cyber thieves, terrorists and thrill-seeking geeks.
While GAO said it currently knows of no cyberattacks that have resulted in injury yet, its report nevertheless warned that remote “attacks could involve multiple vehicls and cause widespread impacts including passenger injuries or fatalities…cyber attackers could theoretically achieve massive attacks of multiple vehicles simultaneously.”
Indeed, modern electronics actually provide hackers with a number of entry points to your vehicle, and sometimes without even touching it. With direct access to a vehicle’s electronics, hackers can plug into the on-board diagnostic port now in many vehicles. Hackers can gain short- and long-range remote wireless access via systems for keyless entry, Bluetooth wi-fi, cellular calls and satellite radio, the GAO noted.
The Post reported further:
Advanced electronics also allow cars to have safety features such as collision warning and automatic emergency-braking systems. These goodies come with lots of software. Citing Transportation Department data, the GAO said “a modern luxury vehicle could contain as much as 100 million lines of software code.” That’s about 15 times more than a Boeing 787 Dreamliner, which carries hundreds of passengers on long-range flights.
“[A]s the lines of vehicle software code increase, so does the potential for cybersecurity vulnerabilities that could be exploited through vehicle cyberattacks,” the report said.
One spot of good news, though: Apparently, such hacking attacks are not imminent. Experts interviewed by GAO said that “such attacks remain difficult because of the time and expertise needed to carry them out.
And while such warnings are not meant to be alarmist, neither are they to be dismissed because the technology certain exists.
In 2011, researchers from the University of Washington and the University of California-San Diego were able to gain remote access to vehicles “by exploiting software vulnerabilities” in OnStar and Bluetooth systems in GM vehicles, the GAO report noted, adding that they were able “to take physical control over the vehicle, such as controlling the display on the speedometer, shutting off the engine, and controlling the brakes.”
And last year an experiment on a Jeep Cherokee had similar results. Soon after, the company, Fiat Chrysler, recalled 1.4 million vehicles.
- FBI, NTSB warn that our vehicles are increasingly vulnerable to hacking
- 150 million vehicles will be vulnerable to hacking by 2020
- Feds: Chrysler the only automaker with radio-induced cyber vulnerabilities