Jeep Cherokee, Cadillac Escalade & Toyota Prius top list of most “hackable” cars
The list has been put together by hackers Charlie Miller and Chris Valasek, who last year showed they could hijack the steering and brakes of a Ford Escape and a Toyota Prius just using laptops connected to the cars.
‘For 24 different cars, we examined how a remote attack might work,’ said Valasek, director of vehicle security research at the security consultancy IOActive. ‘It really depends on the architecture: If you hack the radio, can you send messages to the brakes or the steering? And if you can, what can you do with them?’
The duo say their goal is to make the auto industry think about security as a key issue.
‘You can grab a Consumer Reports magazine from a newsstand right now and see ratings for car safety features,’ said Valasek. ‘We’re doing the same thing, but for vehicles’ cybersecurity.’
Last month also saw the two announce that they have developed a device to protect vehicles from cyber attacks. The device is due to be unveiled at the Black Hat hacking conference this week.
In response, Wil Rockall, director at KPMG’s cyber security practice, said that vehicles should be 'secure by design'. He commented: 'Three years ago criminals sought access to vehicles by stealing the keys, but today three-quarters of cars stolen in London are done so without them, principally through electronic methods. It is important that cyber-attacks do not become physical ones because manufacturers are unable or unwilling to design in security.
'The industry needs to invest in creating systems that are securely built and well tested, with capabilities that can be improved as threats evolve and vulnerabilities are discovered. The public must be able to trust the new systems put in place and be confident when operating their vehicles that a “crash” is not going to be caused by cyber attackers.
'Simply introducing a car "security product" is not a strong enough defence, nor is it a wise strategic direction of travel for the industry, we should look towards making vehicles "secure by design". This will provide security measures aimed at preventing vulnerabilities from being attackable, rather than accepting flaws in design and masking them with a third part conventional security product.'
Earlier this year it was announced that a researcher has found that the internet-connected infotainment system in the Model S is open to hackers, which means light-fingered car thieves could break through a password and unlock the doors.
Leave a comment