2014 Jeep Cherokee, 2015 Cadillac Escalade Among Most-Hackable Cars
More Extensive Electronics Also Increase Potential Vulnerabilities
It may sound like the plot of the latest Hollywood sci-fi blockbuster, but the prospect of cars being remotely hacked by those with malicious intent is a real possibility. At the recent Black Hat security conference in Las Vegas, hackers Charlie Miller and Chris Valasek presented a report of the least-secure cars from an electronics security standpoint. The 2014 Jeep Cherokee and 2015 Cadillac Escalade were deemed the “most hackable.” The most secure models reviewed as part of the exercise were the 2010 Range Rover Sport, 2006 Toyota Prius, and 2006 Ford Fusion. Almost all models newer than 2010 had some potential vulnerability.
Overall, Chrysler products fared worst, with vulnerabilities in the attack surface, network architecture, and cyber physical categories. The Infiniti Q50 sedan also fared poorly, with the hackers revealing the potential for the car’s adaptive steering and cruise control to be remotely triggered at high speeds.
Both Nissan and Chrysler said they take the findings seriously but criticized the report’s authors for not coming to them confidentially first before disclosing their findings. The carmakers also pointed out that these vulnerabilities were not actually demonstrably exploited but are based on technical schematics of the vehicles’ architecture, which can be obtained through technical service and repair guides through dealers or third parties. Miller and Valasek also reportedly shared their findings with the Department of Transportation as well as the Society of Automotive Engineers to help automakers design more secure electronic architectures for future cars.
An example of a technologically sophisticated car lauded as being secure was the Audi A8 luxury sedan, which was noted for having a secure gateway separating the car’s communications and connectivity systems from the driving systems such as steering, brakes, and throttle.