Is hacking a threat for luxury car owners?
December 18, 2015
Motoring expert Tim Rodie explains why car theft is now at such an advanced stage that thieves are more likely to be conversant with programming languages and wireless communications than crowbars and screwdrivers
The enthusiastic uptake of smartphones by consumers hasn’t gone unnoticed by car manufacturers. Over the past four years the automotive industry has been playing catch-up with Silicon Valley’s mobile brands in a rush to bring to market the most connected automobiles possible.
Nearly all modern premium cars from makers such as Audi, Mercedes-Benz, BMW, Maserati, Tesla and Ferrari now offer an enticing range of technologies, from mobile wi-fi internet hotspots to wireless charging cubbyholes and keyless ignition.
But does this race for in-car connectivity leave buyers of luxury vehicles more at risk of losing their investment than ever before, thanks to a new breed of hackers and digital thieves? Car hacking broadly revolves around two topics – the ability of thieves to take advantage of keyless entry and ignition systems to steal vehicles, and the possibility of remotely accessing a car’s controls from anywhere in the world by compromising its internet connection.
What’s the risk of key hacking?
Keyless theft is unquestionably the more likely of the above scenarios. Thieves are able to break into high-end cars using the car’s on-board diagnostics (OBD) port and a diagnostic laptop to programme a new key for the vehicle, which they would then use to start the car and drive off. This is only possible if the thieves can access the OBD port without moving into view of the car alarm’s field of coverage, so they will try to break the car window as carefully as possible.
‘Manufacturers are already increasing the security of OBD ports on new models,’ said Andrew Miller, Chief Technical Officer at UK-based car security consultancy Thatcham. ‘However, they cannot restrict the use of the OBD port itself because it’s a legislative requirement for it to be accessible.’
Since the start of 2015, most high-end cars with keyless entry and ignition have been built with alarms that cover the OBD port. Manufacturers have also improved the software encryption of their keyless systems, and some have removed the ability to add new keys to a car once it’s built – something that will increase the price of replacement keys should you ever lose one, because parts of the car’s electronics will have to be replaced.
Car owners with internet connectivity need to stay vigilant. Photograph: Alamy
Remote car hijacking
Remote hijacking is the next level of car hacking. In summer 2015, two hackers in the US demonstrated their ability to exploit a weakness in a Jeep Cherokee’s wi-fi hotspot to control the steering and braking controls from hundreds of miles away – the hackers could even honk the horn and change radio stations. Although this was done as a demonstration to a journalist, it raised questions about the future of car security, especially given that so many new cars are connected to the internet.
‘As connected technology takes hold we are faced with a new potential cyber risk,’ said Miller, before pointing out that Thatcham is already working with groups of manufacturers to make sure vehicles don’t have exploitable loopholes in their code.
Most demonstrations of remote car hacking thus far have required prior hands-on modification to the vehicle, often involving replacing a car’s ‘infotainment’ software with a hacked version that allows remote access. This means remote-control hacking is unlikely, and car manufacturers are already pooling their efforts to minimise the risk of full remote hacking.
So what does hacking mean for you?
The simple answer is that you’ll have to keep your car’s software up to date. ‘As vehicles become more connected and user friendly it would be easy to let your guard down,’ admits Miller, ‘but in future it will be important to educate people that ultimately they still have overall responsibility for their vehicles. Owners with internet connectivity should stay vigilant and make sure all digital devices have the latest level of software.’
Naturally, the world’s car manufacturers have a responsibility for the safety of their buyers, and the cost of keeping future vehicles safe from theft and hijacking will be one worth paying – especially as the industry attempts to introduce fully autonomous cars, which will depend on human trust in technology.
Tim Rodie is head of content @carwowuk