A report to be published this week at the Black Hat USA Conference in Las Vegas will detail which vehicles are most susceptible to hacker attacks through their car’s Bluetooth, telematics or on-board phone applications.
Cyber crime researchers Charlie Miller and Chris Valasek, who in the past have issued reports on the most vulnerable vehicles, intend to release an update detailing the most safe and least hackable cars.
The owners of Chrysler’s 2014 jeep Cherokee, Nissan’s 2014 Infiniti Q50 and GM’s 2015 Cadillac Escalade may be bewildered to learn that they're cruising around in some of the most hackable automobiles on the roadways. It appears as though the digital systems installed in vehicles are not as secure as previously believed.
"A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes," the researchers said in a brief outlining their upcoming report. "Unfortunately, research has only been presented on three or four particular vehicles. Each manufacturer designs their fleets differently; therefore, analysis of remote threats must avoid generalities."
Out of 20 models that were reviewed, the report names the 2014 Jeep Cherokee from Chrysler Group, the 2014 Infiniti Q50 from Nissan Motor Co Ltd and the 2015 Cadillac Escalade from General Motors Company and the 2014 Toyota Prius as the vehicles most hacked into by a third party. Miller and Valasek also identified the Audi A8, the Honda Accord and the Dodge Viper as the most secure and least hackable vehicles on the road.
The cars listed above were not tested in any capacity but reviewed key criteria of sorts for evaluating the potential security issues a vehicle might harbour that could allow hackers to take control of systems to manipulate and cause physical damage to the car, the researchers said.
A similar report from ABI Research says the car's OBD-II bus is one of the vulnerable points. However, wireless technologies such as cellular V2X and Wi-Fi form extra breach points, allowing hacking from a distant wireless device outside of the vehicle jeopardizing the authentication and integrity of messages.
The report also analysed how automotive network security has undergone change over the last five years and how to better safeguard vehicles in the future. The security team is also expected to report on an "intrusion prevention device" that could prevent someone from hacking into a vehicle.