Trading Black Masks for Black Hats: Why Modern Cars Are Frighteningly Insecure
Recently, I found out how hilariously easy it was to steal my Datsun truck.
As with any car made in the early 1980s, there are a few different ways that you can illegitimately get my truck running and driving. In fact, I had no idea how little security my truck had until my ignition switch crapped out on me last week. Although my key could not start the truck, I found three different ways to start the truck without it: I could either hotwire the ignition switch; drill out the lock pins in the ignition cylinder and start it with a screwdriver; or run a cable from the battery to the starter solenoid. Seeing as how the previous owner failed to ensure that the steering wheel lock was working, any of these three methods would have got my truck stolen easily.
And, yet, my truck would be considered *very secure* from the point-of-view of the next generation of car thieves.
You see, in order to break into my truck, you either need to smash out the window or use a coat hanger to get to the door lock. And if I happened to be driving the vehicle, there wouldn't be a thing that you could do to it. In the modern age of automobiles, however, neither of these statements is necessarily true.
The typical mental image of a car thief is of a hoodie-and-balaclava-wearing bad guy with a crowbar and a set of wire strippers. In this day and age, however, none of these are really necessary. Sure, anyone can smash a window and steal all the stuff from your car. But that leaves tons of physical evidence behind. You'll probably set off an alarm, which will draw the attention of everyone else in the Walmart parking lot. Besides not being legal, the old-fashioned way of breaking into a car has become pretty stupid, as well.
However, I posit this scenario: what if you could hack into a car's electronics, remotely unlock the vehicle, and steal anything without leaving a trace? Better yet, what if you could use the same technology to start and control the car?
Unfortunately for new car buyers, this is not a far-fetched scenario from a Philip K. Dick novel. This is reality, and there isn't enough discussion about it.
My rant starts in the wake of the latest discovery of Charlie Miller and Chris Valasek, the two hackers responsible for the shenanigans that you will see in the video below:
As the video shows, the pair of hackers was able to get into the digital brains of a 2014 Jeep Cherokee and, among other things, remotely disable it while it was going down a freeway. To their credit, Chrysler issued a software patch that made it impossible to remotely hack while the vehicle was going faster than 5 miles per hour, a safety design that seems to be the industry standard. This means all the tinfoil-hat wearers of the world need not worry that someone is going to remotely commandeer their car and send them off of a bridge.
But the discussion about vehicle hacking is far from over. Recently, two hackers in Texas were arrested for stealing 30 Jeeps over a 6-month period by hacking into them.
In addition, what security experts think they know about cars is often different from the reality of the situation. One particularly embarrassing scenario occurred two years ago during a camp for high school and college students that was designed to address car hacking. They were told that it would take the world's leading security experts months to be able to infiltrate the car's security systems.
However, a 14-year-old boy proved them wrong. All it took was a late night of circuit-building and $15 worth of equipment from Radio Shack, and he had control of the car.
Now I'm not saying that it's as easy to hack into a car as it would be to, say, hack a Visa machine. But in the day and age where autonomous cars, drive-by-wire and Internet connectivity have been the *topics du jour* among automotive enthusiasts for quite some time now, don't you think we should be thinking about security a little bit more than what we have?
As for myself: until these sorts of issues are fully addressed, you'll have a tough time trying to convince me that a Tesla or a Mercedes-Benz is more secure than my rusty old stick-shift Datsun.