The federal government is warning drivers about potential cyberattacks on their vehicles as cars are becoming increasingly more “connected.”
The FBI and National Highway Traffic Safety Administration said researchers have identified vulnerabilities in cars made as recently as the 2014 model year that highlight a troubling trend in auto cybersecurity, citing a report that was conducted in 2015 by the Seattle-based IOActive security firm.
“In this study, which was conducted over a period of several months, researchers developed exploits targeting the active cellular wireless and optionally user-enabled Wi-Fi hotspot communication functions,” the agencies wrote, noting that “the vehicle studied was unaltered and purchased directly from a dealer.”
They added: “Attacks on the vehicle that were conducted over Wi-Fi were limited to a distance of less than about 100 feet from the vehicle,” the report continued. “However, an attacker making a cellular connection to the vehicle’s cellular carrier — from anywhere on the carrier’s nationwide network — could communicate with and perform exploits on the vehicle via an Internet Protocol (IP) address.”
The agencies warned that the rapidly increasing use of technology in cars makes them more vulnerable than ever to being hacked.
Modern cars “often include new connected vehicle technologies that aim to provide benefits such as added safety features,” they wrote, but they also present vulnerabilities that could be exploited by hackers who have a malicious intent.
“While not all hacking incidents may result in a risk to safety — such as an attacker taking control of a vehicle — it is important that consumers take appropriate steps to minimize risk,” the agencies said.
The warning about potential auto cyberattacks as automakers and technology companies are pushing to develop driverless cars — and asking Congress to create a friendly regulatory environment for them.
Chris Urmson, Google X director of self-driving cars, told lawmakers in a Senate committee hearing this week that his company is far along with testing of automated technology that could drastically transform the way drivers interact with their autos.
“We’re now testing self-driving prototype vehicles in three different states, and over the last seven years, we’ve driven over 1.4 million miles in autonomous mode,” he said during a hearing on driveless autos that took place in Washington on Tuesday.
Urmson said during the Senate hearing that self-driving cars could greatly boost the safety of U.S. roadways, but only if they are allowed to operate fully autonomously.
Last year, hackers were able to wirelessly hijack a Jeep Cherokee in a demonstration that was revealed in a Wired magazine attack over the objection of the vehicle’s manufacturer, Fiat Chrysler. The discovery of the breach was a major flash point for the auto industry as features like parking assistance and lane control become more readily available in U.S. cars.
Automakers have largely focused on potential safety improvements from technological advances in car manufacturing, such as vehicle-to-vehicle and vehicle-to-infrastructure communications and eventually self-driving autos, although they have acknowledged the need to vigilant about cybersecurity.
Read more of the original article in The Detroit News.
