Earlier this year, Valasek and Miller presented their industry-wide study<\/a> of remote hacking possibilities (which are, thankfully, not actual hacks \u2013 yet) for smart cars at Black Hat USA.<\/p>\n What does it take to hack a car? #security<\/p>Tweet<\/a><\/blockquote>\n What they have found is both encouraging and a bit alarming. The good news: It won\u2019t be that easy to hack a smart car \u2013 so no car-based botnets any time soon. And remote grand theft auto is also in the distant future. Hacking a car, according to Valasek, is hard, it\u2019s expensive, and it\u2019s time consuming.<\/p>\n The bad news is it is ultimately still possible, and, according to Valasek, a car attack \u201cwould be very targeted\u201d. Which means that special-purpose vehicle producers and their potential clients \u2013 dignitaries, military personnel \u2013 should pay attention to this study. Most likely, they\u2019d be among the first at risk.<\/p>\n The topic of car hacking actually gets re-ignited on a regular basis. Javier Vazquez-Vidal and Alberto Garcia Illera demonstrated<\/a> vehicle control using a $20 device at Black Hat Asia 2014. There were discussions of how \u201cold and dumb\u201d the car computers were, \u201cbuilt safely enough back in the 1990s, when the car was a closed box\u201d.<\/p>\n In August, Wired ran an article<\/a> about a security researcher who found a way to \u201cspoof the signal from a wireless key fob and unlock a car with no physical trace, using a code breaking attack that takes as little as a few minutes to perform\u201d.<\/p>\n Then, last month, the security firm Coalfire started publishing the findings of their research<\/a> and penetration tests aimed at the car systems, going as far as to show how a built-in smartphone connectivity to the automotive system can be exploited \u2013 essentially it boils down to a compromised vCard in the phone and an SQL injection attack.<\/p>\n \u201cSuccessful exploitation often grants unfettered access to the infotainment system, which is essentially just a QNX operating system. A foothold like this can then be used to exploit a variety of other subsystems including the CAN bus, further exposing the vehicle and those inside to risk. The research is out there, we need only to tie it together\u201d,<\/em> \u2013 researchers said.<\/p>\n They have also stated that by exploiting \u201cvulnerabilities discovered in hidden and undocumented interfaces,\u201d they were able \u201cto harness GPS functions to locate cars, lock and unlock vehicles, and perform other malicious tasks\u201d.<\/p>\n Linked above is just the first part of their research, but it\u2019s definitely worth reading the entire report.<\/p>\n Hacking a car, in theory, may lead to dire consequences \u2013 it\u2019s just too easy to imagine what real bad guys can do with a car they have hijacked remotely.<\/p>\n Hacking my car: not a reality yet, but it\u2019s coming #security<\/p>Tweet<\/a><\/blockquote>\n But remote access has several requirements: the car system should have an entry point with a \u201cwelcome, hackers\u201d sign on it, this entry point should be connected to essential systems such as brakes, steering, or airbags. Miller and Valasek note in their research that in certain models of smart cars, so-called \u201cviable attack points\u201d \u2013 Bluetooth, telematics, radio \u2013 are isolated from the safety critical components, so that they even work on different computer networks. That\u2019s apparently the safest possible architectural approach given cars are no longer the \u201cclosed boxes\u201d they used to be.<\/p>\n Valasek and Miller\u2019s research paper suggests that not all carmakers are equally cautious about the security of the networked components, but then again, so far the researcher\u2019s work is theoretical. They acknowledge they have yet to attempt some actual remote hacks.<\/p>\n![\"wide-2\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/11\/06020159\/wide-2-1.png\")
<\/a><\/p>\n