Hack Attack

×

1 of 4

Lead Hackers 2 by Budd.JPG

Hack Attack

×

2 of 4

1 Hackers by BMW.jpg

Hack Attack

Telematics is the technology of sending, receiving and storing information via telecommunication devices in conjunction with affecting control over remote devices.

×

3 of 4

2 Hackers by BMW.jpg

Hack Attack

Being wirelessly connected to your vehicle is now becoming a regular fact of life. But what doors are left open?

×

4 of 4

Steering a Safer Path

Infiniti Wieck

Hack Attack

Carmakers like Infiniti use fly-by-wire technology for all the drivers’ inputs, even steering.

Story and photos by Budd Stanley, additional photos courtesy of Infiniti and BMW

Is your modern truck and all its controls open to hackers?

Back in 2011, I got into a very interesting conversation with the gentleman I was sitting next to on a flight from Vancouver to Montreal. We both found each other’s line of work quite interesting. I, an automotive journalist on my way to test the Nissan Leaf for the first time, he an electronics engineer, who develops wireless software.

As I was on my way to test out the Leaf, our worlds seemed to come together conveniently for the six-hour flight, and we would spend the great majority of the flight deep in conversation regarding the future of the automobile. At first, we began a friendly debate over vehicle durability. I put my worth into the hardware of a vehicle, appreciating metal parts bolted to other metal parts with metal bolts as the most durable part of a car, as I have experienced all too many electrical gremlins in the vehicles I’ve driven. The electronics engineer favoured software, noting that hardware is under strain; fatigues and structural engineers have designed each part to have a lifespan so that dealerships can make their money replacing parts, which he nailed on the head. Electronics are programmed to do only one thing, and to continue to do that single job unless reprogrammed, the only weak link being age and damage to the wiring.

From there, my suspicions turned to fly-by-wire technology. Today, nearly every control in a modern car, throttle and brakes included, are fly-by-wire. Nissan are even making use of fly-by-wire steering. This means that there is no mechanical connection between the engine, wheels and brakes and the driver’s hands and feet. Every pedal, shifter, button and soon to be steering wheel is simply connected to a sensor that relays a signal to an electric or hydraulic motor to control a vehicles driving systems. As a tech dinosaur and grump, this frightens the you-know-what out of me. My new friend simply stated that this technology has worked just fine on aircraft for decades.

This then sparked a new question, that of vehicle connectivity. Many of the new EV’s and even other well-equipped automobiles are connected wirelessly and continually send the parent companies data about the vehicle. Nissan (I only pick on them as it was the Leaf I was testing at the time) could tell how efficiently the owner of every Leaf was driving their vehicle, where they have driven and all sorts of other parameters and information. So my next question was, “How easy would it be for someone like you to hack into a modern connected fly-by-wire vehicle and take over the controls?”

The electronics engineer sat silent for a few seconds with a bit of a sober look on his face, then explained that yes, it would be rather easy. He figured that with a well-conceived program on a smart phone, someone could theoretically hack into a nearby vehicle and start playing around with any of the systems that were connected to the vehicles computer.

The thing is, this was only four short years ago, and the technology craze in the vehicles we drive seems to be taking off like a runaway train. Today, carmakers are regarded as much as tech giants as they are manufacturing giants; as a result of onboard features that are at the forefront of the tech industry. Technology is driving the automotive industry, as manufacturers are using ever-higher levels of technology to sell more trucks.

It’s all about the buttons. Companies like Ford and Ram are dumping technology into their trucks faster than consumers can fill the beds with tools or renovation supplies. Ford sales have shown that 25% of their F-150 sales in the U.S. are of trim levels $50,000 and up. The fully equipped, teched-out truck is one of the fastest growing segments in the truck market. With technology quickly taking over every facet of our lives, people want the best of the best in their vehicles if they are going to pony up the stratospheric prices.

Armed with my newly acquired information on that flight to Montreal, I put the question of vehicle electronics security to one of the Leaf engineers. His answer to me, “ah, don’t worry about it, we have software in place to guard against such a thing.”

It was as though I was talking to a politician trying very hard to make me feel like questioning security is really irrelevant; they have it handled and there is nothing to worry about. However, no matter how good the security is on my computer, there is always going to be some virus, Trojan etc., that makes its way on there. Hackers will never stop trying to break in to a system, and they always find a way to get around even the most up-to-date security.

And now the inevitable has happened. A cyber-security hole that has left more than two million BMWs vulnerable may be the most serious security breach the auto industry has ever experienced. The clear and present danger of car hackers has been revealed.

During testing, researchers from ADAC (Germany’s Automobile Association), mimicked a cellular base station and were able to capture traffic between a BMW and the cars Connected Drive service, which drivers can access and control via an app on their cell phones. When they looked at the underlying code contained in that traffic, they found it unencrypted. As an experiment, they copied the "unlock" command and replayed the fake messages to a SIM card within an unsuspecting BMW's telematics system. The result; they had full unhindered control of this particular function, able to lock and unlock the cars doors.

Other researchers have already demonstrated it's possible to hack into a car and control its critical functions, but what separates this latest exploit from others is that it was conducted remotely. With the BMW hack, researchers compromised the car without needing physical access or proximity and the event was left completely undetected.

ADAC has confirmed that BMW has since resolved the issue with a security patch that was sent over-the-air to the affected vehicles, however this raises several questions. What does the future hold, will we have to get into a routine of constantly downloading patches, updates and the latest antivirus into our vehicles? Or will the manufacturers automatically update them on the fly. If the latter is the case, the whole privacy issue comes part of the discussion as even more giant corporations record our personal data. Can we trust that they have done their homework to keep us safe?

This time it was a friendly research agency that found the open door, however with the constant stream of hackers trying to make a name for themselves, next time it could be crime syndicates looking to pluck some nice luxury machinery from the streets. While BMW’s fix has now encrypted the faulty communications, encryption alone is no guarantee of safety.

Unfortunately, it looks as though the future of the automobile will now run hand in hand with that of the personal computer, an unending battle for your personal property and information, between you, the hackers and the corporations that build the vehicles.