Car hacking: Imminent threat or farfetched fear?

According to a recent report from cyber-security experts at RSA, in today’s increasingly computerized world, cyber-crime issues "comprise a threat horizon that continues to accelerate and expand with no end in sight".

Since much the same can be said about the growth of computing power in today’s vehicles -- which rely on technology for everything from 3D navigation graphics to semi-autonomous driving capabilities -- the risks for having your car or truck hacked would seem to be on the rise as well. But should current drivers be worried about the issue right now, or is it time to pump the brakes on the car-hacking panic?

Sound the Alarm

The article starts off like a high-tech nightmare, with Wired’s Andy Greenberg detailing how hackers gained control of his Jeep Cherokee as he was driving near St. Louis, eventually disabling the transmission and bringing the vehicle to a complete halt. As an outcome, Fiat-Chrysler Automobiles, Jeep’s parent company, ended up recalling some 1.4 million vehicles to address the concern.

It was not the first time a journalist’s car had been successfully targeted by a cyber-attack. Before then, a 60 Minutes segment showed the results of a remote vehicle hack through GM’s OnStar telematics system, with Leslie Stahl behind the wheel.

If all that makes the risk of car hacking sound pretty serious, well, the FBI and NHTSA agree with this assessment. Those high-profile incidents occurred in 2015, and by the spring of this year, the FBI and NHTSA had become so concerned about cyber security that they issued a joint public-service announcement for consumers. A key takeaway was a direct confirmation that "researchers could gain significant control over vehicle functions remotely by exploiting wireless communication vulnerabilities".

Meanwhile, in-vehicle wireless-communication technology, from Bluetooth connectivity to full-on mobile Wi-Fi access, is only becoming more common. Almost all cars, trucks and SUVs currently have the former, and most vehicles from Chevrolet and the rest of the GM brands now come with the latter as standard equipment. Ford’s next-gen SYNC 3 infotainment system also relies on Wi-Fi for software updates, and premium brands, such as Mercedes-Benz, have launched vehicle-to-vehicle (V2V) communication technologies. V2V systems hold much promise for increased automotive safety, since they allow cars to share data about accidents and traffic conditions, for example, so that drivers can take preventative action. But they’re also another one of those potential "vulnerabilities".

Yet even in the face of this concerted push to raise awareness about the threat of car hacking, and just three months after the PSA from the FBI and NHTSA was released, car thieves were caught using laptops to steal Jeeps in Houston.

Hit the Snooze Button

Especially if you have a newer car with some of those newer technologies, these warnings are almost enough to make you consider giving up driving entirely. But technology reporter David Pogue, among others, wants you to consider a few other facts.

Writing in the Scientific American, Pogue notes that it actually took multiple years and multiple researchers to accomplish the 60 Minutes hack. Also, although Pogue doesn’t mention it, those researchers weren’t just any hackers. They were from one of the U.S. Department of Defense’s most innovative technology organizations, the Defense Advanced Research Projects Agency (DARPA). This was the agency that essentially invented the Internet, so it would be more of a surprise if its scientists couldn’t figure out how to gain access to a car’s computers.

Similarly, it took the two people behind the Wired incident two years of work to go from hacking a vehicle using a physical device to showing off their fully wireless remote-control capabilities—on what was their own Jeep. And when they revealed more ways to take over a vehicle’s internal computing network in August, Wired indicated that they needed "a laptop directly plugged into the Jeep’s CAN network via a port under its dashboard".

The point being that if cyber criminals need physical access to a vehicle before they can hack it, the first line of defense is much the same as against any car thieves, because it involves stopping a break-in.

Pogue’s analysis sparked a response from Wired’s editors, and without getting derailed by the journalistic kerfuffle between the two, it’s clear they share a common ground: Yes, it’s possible for someone with enough time, resources and expertise to gain control of some vehicles by hacking into their computer systems. It’s just not at all probable that it will happen to your car anytime soon.

Image Credit: Georgejmclittle / Shutterstock

As an automotive writer for CARFAX, Charles Krome follows the latest trends in car technology especially as it relates to consumer safety and car value.