Security experts have warned for months that smart cars are vulnerable to hackers, and now a pair of researchers has revealed the specific vehicles that are at the greatest risk.
Chris Valasek and Charlie Miller studied the schematics for a range of cars from the 2006 Range Rover Sport to this year's BMW 3 Series.
The 2014 Jeep Cherokee and 2015 Cadillac Escalade were the most vulnerable of the cars studied, while the 2006 Ford Fusion and 2010 Range Rover Sport were listed as two of the most secure.
Mr Miller is a security engineer at Twitter, and Mr Valasek is director of Security Intelligence at IOActive.
Other cars that performed poorly in their tests were the 2010 and 2014 Toyota Prius, as well as the 2014 Infiniti Q50.
The report has been shared with the Department of Transportation and industry group, the Society of Automobile Engineers.
Each car was rated under three categories – attack surface, network architecture and cyber physical.
A car’s wireless ‘attack surface’ includes the range of features that can be hacked, including Bluetooth, Wi-Fi, mobile network connections, key fobs, and tyre pressure monitoring systems.
TABLE KEY
CAR | ATTACK SURFACE | NETWORK ARCHITECTURE | CYBER PHYSICAL |
---|---|---|---|
2014 Jeep Cherokee | ++ | ++ | ++ |
2015 Cadillac Escalade | ++ | + | + |
2014 Ford Fusion | ++ | - | ++ |
2014 Dodge Ram 3500 | ++ | ++ | -- |
2014 BMW X3 | ++ | -- | ++ |
2014 Chrysler 300 | ++ | - | ++ |
2014 Range Rover Evoque | ++ | - | ++ |
2014 Toyota Prius | + | + | ++ |
2010 Toyota Prius | + | + | ++ |
2014 Infiniti Q50 | ++ | + | + |
2014 Audi A8 | ++ | -- | + |
2010 Infiniti G37 | - | ++ | + |
2014 BMW 3 Series | ++ | -- | + |
2014 BMW i12 | ++ | -- | + |
2014 Dodge Viper | ++ | - | -- |
2014 Honda Accord LX | - | + | + |
2010 Range Rover Sport | - | -- | - |
2006 Range Rover Sport | - | -- | - |
2006 Toyota Prius | - | -- | -- |
2006 Ford Fusion | -- | -- | -- |

*A '+' sign means a car is 'more hackable', and a '-' sign represents a 'less hackable' vehicle.*
The network architecture includes how much access these features give to a vehicle’s critical systems, such as the horn, the steering and brakes.
Cyber physical relates to capabilities such as automated braking and parking sensors that can be controlled using wireless commands.
‘Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks,’ said Mr Valasek and Mr Miller.
‘A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes.
‘Unfortunately, research has only been presented on three or four particular vehicles.
‘Each manufacturer designs their fleets differently; therefore analysis of remote threats must avoid generalities.
‘[Our research] takes a step back and examines the automotive network of a large number of different manufacturers from a security perspective.’
The results were published in a 92-page report presented at the Black Hat conference in Las Vegas.
Mr Miller and Mr Valasek were the same researchers who demonstrated hacking a Toyota Prius and a Ford Escape last year.
Using a laptop wirelessly connected to the car's electronics, they were able to remotely control the brakes, the accelerator, change the speedometer, switch the headlights on and off, tighten the seatbelts and even blast the horn.
The project was funded by a grant from the U.S. Defense Advanced Research Projects Agency to highlight the security risks affecting modern-day cars.
Infiniti told Wired that the researchers didn’t physically hack the car, but said it is looking into the claims. This was also true for Chrysler.
MailOnline has contacted the other manufacturers mentioned for their view on the findings.