How Hackable Is Your Car? Consult This Handy Chart
Last year, when hackers Charlie Miller and Chris Valasek showed they could hijack the steering and brakes of a Ford Escape and a Toyota Prius with nothing but laptops connected to the cars, they raised two questions: Could hackers perform the same tricks wirelessly, or even over the Internet? And even more pressing: Is your specific car vulnerable, too?
If you own a Cadillac Escalade, a Jeep Cherokee or an Infiniti Q50, you may not like the answer.
In a talk today at the Black Hat security conference in Las Vegas—and an accompanying 92-page paper—Valasek and Miller will present the results of a broad analysis of dozens of different car makes and models, assessing the vehicles’ schematics for the signs that hint at vulnerabilities to auto-focused hackers. The result is a kind of handbook of ratings and reviews of automobiles for the potential hackability of their networked components. “For 24 different cars, we examined how a remote attack might work,” says Valasek, director of vehicle security research at the security consultancy IOActive. “It really depends on the architecture: If you hack the radio, can you send messages to the brakes or the steering? And if you can, what can you do with them?”
Miller and Valasek are quick to disclaim that their results aren’t definitive assertions about security vulnerabilities in cars and trucks so much as warnings of potential weaknesses. In contrast to their 2013 research, they didn’t do any hands-on hacking. In fact, their recent work consisted mostly of signing up for mechanics’ accounts on the websites of all the carmakers, downloading the cars’ technical manuals and wiring diagrams, and analyzing the computer networks those documents revealed. “We wanted to take a step back and look at a whole range of cars in much less detail, to really see what was out there,” says Valasek.
In the two researchers’ analysis, three vehicles were ranked as “most hackable”: the 2014 models of the Infiniti Q50 and Jeep Cherokee and the 2015 model of the Cadillac Escalade. The full results, summarized in the chart below, show that the 2010 and 2014 Toyota Prius didn’t fare well either.