Ever since the first connected cars, people have tried – with varying levels of success – to hack them. Sometimes this is just to prove a point, other times it’s for far more serious, criminal, activities. In some instances this is ‘just’ to break into them or steal them, but with remote control of a car the consequences could be far more serious if someone with a criminal motive decided to use this possibility.
Fortunately, the big budgets of car manufacturers mean their security is almost always the best it can possibly be. After all, no car brand wants to publicly shamed for being easy to hack.
Unfortunately, there remains a weak point that afflicts every single car on sale today, according to Professor Jim Saker, director of automotive management at Loughborough University.
Weak point
The weak point, according to Saker, is when your car is in the garage being serviced.
“This isn’t meant to be alarmist,” says Saker.
“The industry is spending an awful lot of money on cybersecurity to protect vehicles. But prior to Covid, when people met in crowds, vehicles were a weapon of choice for a number of terror groups or deranged individuals who had the idea of driving a vehicle into a crowd.
“Now there's a lot of vehicle manufacturers trying to stop crashes by putting in software which stops that happening. But the point that I've come back to is that even if all of that was done, the weak point still is when the car is being serviced. The technician will have access to these systems.”
Saker adds: “It's something nobody wants to talk about.”
His point is that while there’s lots of cyber security in place at car manufacturer level to stop hacking remotely, there are currently insufficient checks on technicians who work on cars.
“All I'm suggesting is there a need for tighter background checks and tighter security.”
Technician access
He highlights that the person working on the car at a garage doesn’t even need to know how to write the software to hack it, they could be paid by a third party to install new software on the car. Saker points out that both electricians and plumbers need to be registered and checked in order to maintain consumer safety and confidence.
“I guess it's flagged up in the raining cars scene from The Fate of the Furious film which is farfetched, but there is the potential. Because we don't do in-depth background checks on technicians, we therefore don’t have systems in place to ensure that car data is protected.
Using the data
“If you've got, or can get to, the data and you can stop a car remotely, because we can do that now, we can change the configuration of how a car is running remotely. It's dangerous to do it because obviously the driver's not aware of what's going on.”
Saker says that once the car has been hacked in a garage the remote connection could be make much more easily. “You could stop it from 70 miles an hour. Put the automatic braking system on, everybody plows in the back.
“I've mentioned in other places, to other people including politicians and asked what could happen if the Prime Minister's car could be hacked. They can stop the car, it becomes stationary and then it becomes a target.”
Saker believes the Government isn’t willing to introduce legislation in the same way it has in the gas and electrician’s industries. However, he thinks that garages could be stricter on what staff bring in and out of work in the same way that some higher-security institutions don’t allow staff to take phones, USB sticks and other mobile devices into work.
“There needs to be more than the employer simply checking staff haven't got a criminal record,” he says.
Keyword: Car hacking, how vulnerable is your car?