Car hacking

Automotive hacking is the exploitation of vulnerabilities within the software, hardware, and communication systems of automobiles.


Overview

Modern automobiles contain hundreds of on-board computers processing everything from vehicle controls to the infotainment system. These computers, called electronic control units (ECUs), communicate with each other through multiple networks and communication protocols, including the Controller Area Network (CAN) for vehicle component communication such as connections between engine and brake control; Local Interconnect Network (LIN) for cheaper vehicle component communication such as between door locks and interior lights; Media Oriented Systems Transport (MOST) for infotainment systems such as modern touchscreen and telematics connections; and FlexRay for high-speed vehicle component communications such as active suspension and active cruise control data synchronization. Additional consumer communication systems are also integrated into automobile architectures, including Bluetooth for wireless device connections, 4G Internet hotspots, and vehicle Wi-Fi.

The integration of these various communications and software systems leaves automobiles vulnerable to attack. Security researchers have begun demonstrating the multitude of potential attack vectors in modern vehicles, and some real-world exploits have resulted in manufacturers issuing vehicle recalls and software updates to mobile applications.

Manufacturers, such as John Deere, have used computer systems and Digital Rights Management to prevent repairs by the vehicle owners, or by third parties, or the use of aftermarket parts. Such limitations have prompted efforts to circumvent these systems, and increased interest in measures such as the Motor Vehicle Owners' Right to Repair Act.


Research

In 2010, security researchers demonstrated how they could create physical effects and undermine system controls by hacking the ECU. The researchers needed physical access to the ECU and were able to gain full control over any safety or automotive system including disabling the brakes and stopping the engine. In a follow-up research paper published in 2011, researchers demonstrated that physical access is not even necessary. The researchers showed that “remote exploitation is feasible via...mechanics tools, CD players, Bluetooth, cellular radio...and wireless communication channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft”. This means that a hacker could gain access to a vehicle's vital control systems through almost anything that interfaces with the automobile's systems.


Recent exploits


2015 Fiat Chrysler UConnect Hack

UConnect is Fiat Chrysler's Internet-connected feature that lets owners control the vehicle's infotainment/navigation system, sync media, and make phone calls. It even integrates with the optional on-board WiFi. However, vulnerabilities in Fiat Chrysler's UConnect system, available on over 1.4 million cars, allow hackers to scan for cars with the system, connect and embed malicious code, and ultimately commandeer vital vehicle controls like steering and brakes.


2015 Tesla Model S Hack

In 2015 at the DEF CON hacking conference, Marc Rogers and Kevin Mahaffey demonstrated how a chain of exploits could be used to take complete control of the Model S. Marc Rogers and Kevin Mahaffey identified several remote and local vulnerabilities that could be used as entry points. They demonstrated that after exploitation the vehicle could be remotely controlled with an iPhone. Finally, they also demonstrated that it was possible to install a backdoor that allowed persistent access and control of the vehicle in a similar fashion to exploit techniques more usually associated with traditional computer systems. Marc Rogers and Kevin Mahaffey worked with Tesla, Inc. to resolve the issues before disclosure. It was announced before the presentation that the entire global fleet of Model S cars had been patched overnight, the first proactive mass Over The Air (OTA) security update of vulnerable vehicles.


General Motors OnStar RemoteLink App

The OnStar RemoteLink app lets users access OnStar capabilities from their Android or iOS smartphones. The RemoteLink app can locate, lock and unlock, and even start your vehicle. The flaw in General Motors’ OnStar RemoteLink app, while not as extreme as UConnect, allows hackers to impersonate the victim in the eyes of the RemoteLink app. This means that the hackers can access all of the features of the RemoteLink app available to the victim, including locating, locking and unlocking, and starting the engine.


Keyless entry

The security researcher Samy Kamkar has demonstrated a device that intercepts signals from keyless-entry fobs and would allow an attacker to unlock doors and start a car's engine.


"USB" entry

Kia back windows can be broken without setting off an alarm, and Hyundai vehicles are similar. Since 2021, videos on social media have shown the theft of post-2010 Kia vehicles and post-2014 Hyundai vehicles without engine immobilizers, using a USB 1.1 A plug cable or pliers. Kia started installing immobilizers in 2022.


2022 CAN injection: keyless car theft

Using a fake device sold on the dark web, thieves were able to steal vehicles by forcing the headlamps open and accessing the CAN bus, and then once on the bus, to simulate the signals to start the vehicle. The exploit requires enough time and privacy for thieves to remove vehicle hardware, sometimes bumpers, in order to open the headlights. (Source: "CAN injection: keyless car theft" by Dr. Ken Tindell, CTO of Canis Automotive Labs, 4-3-2023.)

Possibly the only way to prevent this kind of event by determined and knowledgeable thieves would be for car designers to encrypt traffic on the CAN bus.
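The following is an added example, not taken from the article or from any vehicle manufacturer, showing how a receiving ECU can refuse frames injected onto the bus. It swaps in message authentication with a freshness counter (a truncated HMAC) rather than the encryption named above, as an assumption about what cryptographic protection of CAN traffic would look like; the key, CAN ID and frame layout are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4                  # truncated tag; a classic CAN frame holds 8 data bytes
MAX_DATA = 8 - 1 - MAC_LEN   # bytes left for the signal after counter + tag

def frame_tag(key, can_id, counter, data):
    """Truncated HMAC-SHA256 over the CAN ID, the full counter and the data."""
    msg = struct.pack(">II", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def make_frame(key, can_id, data, counter):
    """Sender side: payload = data || low byte of counter || tag."""
    if len(data) > MAX_DATA:
        raise ValueError("data does not fit in an authenticated classic CAN frame")
    return data + bytes([counter & 0xFF]) + frame_tag(key, can_id, counter, data)

class Receiver:
    """Receiving ECU: accepts a frame only if its tag verifies and its counter is new."""
    def __init__(self, key, can_id):
        self.key, self.can_id, self.last = key, can_id, 0

    def accept(self, payload):
        if not 1 + MAC_LEN <= len(payload) <= 8:
            return None
        data, low, tag = payload[:-1 - MAC_LEN], payload[-1 - MAC_LEN], payload[-MAC_LEN:]
        # Rebuild the full counter: the smallest value above the last accepted
        # one whose low byte matches, so a replayed frame maps to a counter it
        # was never signed with.
        counter = (self.last & ~0xFF) | low
        if counter <= self.last:
            counter += 0x100
        if not hmac.compare_digest(tag, frame_tag(self.key, self.can_id, counter, data)):
            return None          # forged, replayed, or wrong ID: drop the frame
        self.last = counter
        return data

def demo():
    key = bytes(range(16))                       # constructed key for the demo
    rx = Receiver(key, 0x2A0)                    # constructed CAN ID
    genuine = make_frame(key, 0x2A0, b"\x01", counter=1)
    injected = b"\x01\x02" + b"\x00" * MAC_LEN   # same signal, no valid tag
    return [rx.accept(genuine), rx.accept(genuine), rx.accept(injected)]
```

The counter and tag consume five of the eight payload bytes, which is the practical cost of retrofitting authentication onto classic CAN.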


2024 Remotely control Kia cars through license plate

On June 11, 2024, a group of researchers led by Sam Curry discovered a vulnerability in Kia’s web portal that allowed them to reassign control of the internet-connected features of any Kia vehicle manufactured after 2013. Although the vulnerability didn't permit the group to interact with the car’s driving systems, they built a custom application to target this vulnerability that enabled them to scan any “connected” vehicle’s license plate and track the car’s location, unlock the car, honk its horn, or start its ignition, all on command. These kinds of vulnerabilities are not new and have occurred in cars built by other manufacturers such as Acura, Genesis, and others. While the web portal vulnerability for Kia was quickly patched, the same group of researchers found similar vulnerabilities in multiple other car manufacturers, including but not limited to Ferrari, BMW, Rolls Royce, Porsche, and Toyota.

The team exploited the Kia web portal vulnerability by leveraging API weaknesses in both the dealer and owner websites. They began by registering on the Kia Connect dealer website using a legitimate registration link sent to customers. By analyzing the back end API communication, they discovered that Kia’s systems inadequately authenticated users in the dealer system. Using this knowledge, they manipulated HTTP requests, modifying headers and tokens to simulate authorized dealer credentials. With the dealer credentials and access token, they were able to find information related to a car’s VIN by accessing the dealer API gateway endpoint, which is essentially an API for dealership functionality. The resulting HTTP response while using the token gave access to the vehicle owner's name, phone number, and email address.

After gaining access to the personal information, the researchers escalated their access to the owner portal by replacing the email associated with a vehicle owner’s account. This step added the attackers as secondary users without alerting the original owner, enabling control over the vehicle. They then sent commands such as unlocking doors, starting engines, or tracking vehicle locations by issuing properly formatted API calls. Due to the lack of notification systems, the researchers were able to do all of this without the owner of the vehicle ever knowing.
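As an added example (not Kia's code and not from the researchers' write-up), the sketch below shows the server-side controls whose absence the section describes: the dealer role is taken from the server's own session record, dealer access is scoped to specific VINs, and an owner e-mail change is only staged until the current owner, who is always notified, confirms it. All function names, the `X-Role` header, the VIN and the addresses are hypothetical.

```python
import secrets

SESSIONS = {}   # token -> session; written only by the server after login
VEHICLES = {"VIN-DEMO-0001": {"owner": "owner@example.test", "pending": None}}  # constructed
OUTBOX = []     # (recipient, message) pairs queued for delivery

def login(user, role, vins=()):
    """Stand-in for real authentication: the server decides the role and VIN scope."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "role": role, "vins": set(vins)}
    return token

def request_owner_change(headers, vin, new_email):
    """Dealer endpoint: stages an owner e-mail change; never applies it directly."""
    session = SESSIONS.get(headers.get("Authorization", ""))
    if session is None:
        return 401
    # Authorization comes from the server-side session. Client-supplied role
    # headers are ignored, and the dealer must be scoped to this VIN.
    if session["role"] != "dealer" or vin not in session["vins"] or vin not in VEHICLES:
        return 403
    vehicle = VEHICLES[vin]
    vehicle["pending"] = new_email
    # The current owner is always told, so the change cannot happen silently.
    OUTBOX.append((vehicle["owner"], f"Owner change to {new_email} requested for {vin}"))
    return 202

def confirm_owner_change(headers, vin):
    """Owner endpoint: only the current owner can apply the staged change."""
    session = SESSIONS.get(headers.get("Authorization", ""))
    vehicle = VEHICLES.get(vin)
    if session is None:
        return 401
    if vehicle is None or session["user"] != vehicle["owner"] or not vehicle["pending"]:
        return 403
    vehicle["owner"], vehicle["pending"] = vehicle["pending"], None
    return 200
```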


See also

* Automotive security

