Care to elaborate? Do you mean key-less entry/ignition? Do you mean cloning chip keys? Do you mean bypassing vehicle alarms?

If they have wireless access in any way, yes, they can be hacked.

Some of the more dramatic examples are not entirely fair, although that is open to interpretation... One case of hacking of a Prius required a little physical access prior to the demo, but it was able to enable and disable things, and generally could have caused a driver to be forced into an accident.

You can call that "unfair", but it is perfectly possible, and credible for any vehicle parked outside. Most cases of traditional spying required physical access at least once, to place bugs, etc. So how is this different?

With connected devices that access the 'net, it is generally required to cause the user to become your local helper.... click on this, download that... A bit of social engineering. With an inanimate device handling most of the stuff, it may be that an outsider has to help, since the driver may not know how, and the machine is not susceptible to social engineering... you need the password or no-go..

Of course, the devices may get driver help..... IF the vehicles get interactive displays with external connectivity.... meaning basically a wireless connection and internet as part of the vehicle computer and display as opposed to a separate system. Then some social engineering is possible.

With the car makers hell-bent to REMOVE all direct physical operation of essential controls, you can look for more of this. They hate directly operated steering, they hate directly operated brakes, throttle is already indirect on many cars. I am not entirely sure WHY they hate these things, but it seem that they do, from their actions. Some may be "cheaper and more reliable", but others I am very suspicious of.

I admit to being a true son of Ned.... I like directly operated brakes and steering. I don't want to be in the position of merely "giving a suggestion" to the vehicle when it comes to those. Call me stupid, call me an obstacle to progress, whatever.

In my view, the more components involved, the lower the reliability. And also in my view, anything that it is possible to imagine BEING hacked, will eventually be hacked in reality. Some vehicle systems are being run on systems derived from Windows.... which should give anyone pause.

Don't like someone? Do a little hacking and make the brakes stop working if the altitude is over "X" and is reducing, plus the steering wheel has been turned "Y" number of times in the last 30 seconds..... When will we see the first case of that sort of murder proved?

Your level of exposure depends on a lot of factors. Like Rosco said, there are a lot of ways to hack things.

Most of the scary things that they are talking about are related to the built in remote control from "remote start" and remote monitoring services. Obviously, if you don't have a radio based service it's hard to hack.

They also talk about breaking into the car's network (yes, your car has a Car area network called a CAN if it's reasonably new) by way of the bluetooth interface. That assumes that your bluetooth implementation has a flaw that they can exploit, and that it's set up in such a way that they can then break into the CAN from the radio. That's not a given.

The hack that occurred to me is that they can use a simple analog RF (Radio Frequency) range extender to let your car's keyless entry see the key fob in your purse or pocket 80 feet away. Then all they need to do is open the door, get in, start it and drive away. Once the car is in a safe place they can finish reprogramming a new key to it. This has happened locally last year.

Dan

Rosco, I think he can mean even locking up the brakes for you when you don't want too, yup gotta be true seen it on the news lol

it does serve people right - supposed to be transportation folks --- can't wait to see what kinda joy ride the people who are wanting cars to drive themselves will be going on once hacked,,,,, and can't say as i'll feel one shred of sympathy whilst seeing the remains... what are you expecting to happen? good things?

Would hardly call you that JT, and after your full write up I think it best said as a man of incredible insight...

sometimes you have to know when to say when,,, and humanity is about to learn that lesson on oh so many levels...

All modern vehicles are at risk of hacking to some degree or another.

If you are concerned that someone could drive up behind your car and take control by remote means while you are driving I think that, although feasible, would be quite unlikely unless the vehicle has been designed or modified for remote activation/deactivation and there has been talk of this for law enforcement purposes and I understand you can buy systems to remotely disable your car when stolen. Presumably if you can do that someone else would be able to too.

It would be quite surprising if someone has not already developed a device that could be attached to you parked car for later remote activation. That might be a bomb, a tracking device or something that could cause the car to stop.

Yes, the risk is there but I am not too worried about it just now!

My car - a 2014 (made on 26 December 2014 in Japan) "top of the line" Mazda 3 has no physical connection for the accelerator and steering - it is all "fly by wire".

"Start" is push-button and will not operate unless the computerised remote is in my pocket - same applies to unlocking and opening the doors and locking them.

Nothing at all works unless the engine is "on" and running - every thing is locked unless the remote key is in my pocket.

The car has Bluetooth - which I do not use - and is "web-aware".

Window raise/lower and mirror-adjustment all need "power" (engine "on") - no manual handles etc.

Up to date I have no concerns about the car at it meets and exceeds all our requirement.

I am not concerned (yet??) about "security" but I guess that in the absence of any need for proactive action by my Dealer (which I will have done if recommended) I am quite happy to carry on as I am.

ANYTHING based on computer code and many other digital systems which may not even have any computers CAN BE HACKED. Just pay attention to the news. Even big banks can be hacked and you would assume that their security would be absolutely first class.

Some are easier to hack, some more difficult. But ALL can.

I have no reference or direct evidence, but I have heard about electronic devices that can record and then replay auto door opening signals. I never lock my car or truck with the wireless bob in any public location. Can the unlock code be that different from the locking code? I doubt it. Probably the same basic code with just one or two bits changed in a predictable manner. It's probably safe enough to unlock it with the wireless as you are leaving and I doubt that the thieves would follow you. But then, in some places they just might.

And would an ignition starting code also be the same, again with just one or two different bits? Do you really trust Detroit or the Japanese to have done it right and make it as secure as possible? I don't.

Now, some internet sources say that this problem has been fixed. Perhaps so, but as I said, ANYTHING can be hacked and those same sources allude to the fact that the fixes may also be vulnerable. And there ARE auto unlocking tools for sale.

I know someone that had everything stolen out of his car while on vacation in Milan, Italy. The police told the man that the thieves wait in the parking lots of the highway rest areas with gas stations and restaurants. When someone pulls in and gets out of the car and locks it with the Key fob the thieves are recording the radio frequency and then when the people are inside they can unlock the car without any tools. The insurance companies don't pay off because there is no sign of forced entry.

I'd amend that to "anything based on computer code can be hacked IF YOU CAN ACCESS IT." If you don't have a way to access a system, you can't hack it. If the car does not have a wireless connection, the effort required to hack it goes WAY up.

Even if a car has a wireless connection, you can only hack the parts that are associated with that connection. An "On Call" system that is essentially a glorified cell phone poses danger until it's integrated into the car's control systems. Once that happens, all bets are off.

Re: The banks.... I worked for one. Think of it as a super credit union for banks. They had a 3 person data security department that worked 8 to 5. Attacks after hours would be responded to within 30 minutes. Do you know how much an automated hack attack will do in 30 minutes? I do.

I've chosen not to worry about it too much.

Dan

I have a serious problem with analytics reporting back to home at the OEM. or somewhere else, depending on who's listening to these seemingly invariably poorly executed systems that are full of holes.

I used to think that people who advocated for carbureted-only were nuts, but these days it's getting out of hand.

I think this and I'm an EV engineer, too...

this makes for an interesting read...



Affects BMW's ,Mini's and Rolls Royce !!!

Batt...

Of course they can, and don't let anyone reassure you that its impossible. Cat and mouse, the engineers build it then along come the hackers, age old game.
Can it be done remotely? if the device has remote connectivity, yes. Sooner or later it'll be possible.
There's no absolutes, people have lots of time to contemplate and probe and tinker & the more you lock someone out, the more people will be maddened by the locking and dig round in the insides to restore lost functionality. Sometimes the most minor of seemingly unimportant problems can cascade into a catastrophic failure, and sooner or later someone persistent will find something and keep picking at it until it does.

Locally? well I reflashed the media computer on my wife's clio earlier this year with a unofficial version because renault wanted 700e for a simple map update (and the car itself is still inside warantee age!), and as a bonus I now have the 500e optional extra reversing camera too for the 25e for a small camera as Renault fitted the wiring back to the tailgate and gave the screen the capability and just disabled it in software. Slide a pre-prepared usb key into the phone charging socket on the dash with the correct firmware image and it didn't even ask, one reboot later and we're into a replacement media navigation system that handles gps, rearview, audio, phone, stereo etc.
Canbus? ok, I have some tinkering time with that too, I can redo my own keys for our other car and reset diagnostics and other information in the ecu too. I'm not really interested enough in modern cars to take things further than what I've needed it for so just paddling round the shallows on this one.
This is just the modern face of smashing a tail light and shorting some wires to defeat central locking computers (some GM cars), using a half a tennis ball to confuse pneumatically activated locking systems (earlier gm cars).

I try to avoid being too verbose about my day job because I get paid partly for being professional and discreet, but anyone that absolutely says something is safe and secure from hackers is a idiot. Unless its on a pc thats turned off, in a locked safe, buried in concrete, sealed in a underground bunker with leaking radiation barrels etc. And even then if it was worth it enough to somebody, they would find a way.
Humans with enough time and motivation are very very inventive and persistent.

But, to calm you down a bit, what you will see is people compromise things, then when it becomes public knowledge, a fix will be put out that will plug that hole. Then the attacks will settle down to a low level done by mischeveous kids because its by then lost its value and become public knowledge, and will only work against things which haven't been maintained or patched.
For the average new car owner, this would I expect be done silently at service time as part of a ecu proceedure. My garage has to log into the ecu and do any service builletins as part of servicing now.

A full on disable someones brakes and steering remotely will have far too much commercial worth in the black markets to be wasted on anything but the most specialised targets. And thats exactly how cybercrime operates today.