It’s a dystopian scenario: You are driving down a mountain road, listening to Spotify through your car’s Bluetooth connection, when suddenly, your brakes fail and your car goes careening off the road. Your car has been hacked, and you didn’t even know it was happening.
That’s the nightmare hinted at in a scary report from Massachusetts Sen. Ed Markey, which was picked up by many news outlets. A segment on “60 Minutes” recently showed how effective and frightening car hacking could be. It featured reporter Lesley Stahl losing control over her car’s horn and brakes as a hacker clicked away on a nearby laptop.
Could it happen to you? Today, it is extraordinarily unlikely. Though automobile hacking is possible, it requires deep technical knowledge possessed only by a handful of academics and researchers. According to experts, the chances of your car being hacked while it sits in your garage, or while you’re driving it, is very, very low.
What is car hacking?
Your average new car is a rolling network of high-powered computers. It has a number of processors and wireless systems that allows it to do everything from getting you directions to your aunt’s house, to streaming music from your smartphone via Bluetooth, to making sure you don’t rear-end the car in front of you when it brakes suddenly.
Like any network, cars are vulnerable to hacking: an intrusion from an outside source. That intrusion can be through something physically connected to the vehicle, or (more scary), a remote, wireless connection, over cellular, Bluetooth, or Wi-Fi.
What can someone do if they hack into a car?
As the recent “60 Minutes” report demonstrated, a dedicated hacker was able to manipulate a vehicle’s braking system, control the windshield wipers, and honk the horn by wirelessly hacking into a vehicle via its cellular connection.
There are also privacy concerns: A hacker could access a vehicle’s location information, allowing a criminal to determine where you have traveled and where your car is currently located.
How do these hacks work?
Let’s use the “60 Minutes” report as an example. That hack used the same methods employed by the University of Washington computer scientist Tadayoshi Kohno and his co-researchers at the University of California, San Diego in 2010.
The team hacked a vehicle through its emergency 911 system — automotive blog Jalopnik figured out it was General Motor’s OnStar system — and managed to take control of some of the vehicle’s major systems, including the brakes.
They did this by dialing the car’s cellular number (all cell radios have one, but not all cars have cellular radios), flooding it with dial tones, thereby confusing the car’s computers, and then sending their own code to the car to take it over. It’s far more complicated than just that, but that’s the gist.
Can my car be hacked?
The truth is, like any computer system connected to the outside world, your car can theoretically be hacked. So far, however, there have been no reported instances of hackers taking over cars outside of controlled testing environments.
That still sounds terrifying. Should I be scared?
Hacking a vehicle is still extremely complicated and requires a heck of a lot of technical know-how and time. This isn’t exactly getting a virus on your computer, after all. It’s far more complex.
So far, nearly all incidents of automotive hacking have been performed by scientists, academics, and white-hat (good guy) hackers trying to prove there are vulnerabilities within cars, so automakers will take notice and plug any holes they find.
In fact, Tadayoshi Kohno at the University of Washington doesn’t even think this is something drivers should fear at the moment.
"I don’t think the average consumer has to stay awake at night worrying about this," he said.
Okay so why all the fuss?
The idea of scientists hacking into cars isn’t new. The original experiment proving the concept was possible is almost five years old.
Still, hacking a car is incredibly dangerous, because, unlike computers, cars are 2,000 pounds of metal hurling down the road at 65 miles per hour.
Whether or not a car has been hacked outside of a controlled setting doesn’t matter to researches. The very fact that it’s at all possible means they want automakers to take steps to better insulate their vehicles, no matter how difficult it may be to break into them.
Right now, the good guys are winning. Not only is hacking a vehicle incredibly difficult, as Forbes’s Doug Newcomb points out in his piece on the topic, there’s also no financial incentive for hackers to bother.
Sure, hackers could remotely unlock a vehicle, but as Newcomb explains, they wouldn’t even be able to steal it, because, most new cars require key fobs to be within a certain range of the vehicle before the engine will fire.
We’d be more concerned about someone hacking a car in order to harm the occupants, but, again, there have been no reports of such incidents occurring.
So are automakers doing anything to protect future cars?
Yes. Thanks to the aforementioned research, and other tests like it, automakers are completely aware of the risks hackers could pose to their vehicle fleets.
It’s not just car manufacturers, either. Industry groups, computer scientists, and a host of others are also working to make cars less susceptible to hacking.
That doesn’t mean the governmental and industry watchdog groups shouldn’t be keeping the automakers on their toes. It does, however, mean the companies are well aware of the issue and working to mitigate it.
But what about those things that plug into my car, like Automatic?
Automatic, and other devices like Mojio, plug into your car’s onboard diagnostic (OBD) port and let you monitor your vehicle’s performance from a smartphone app. And while hackers have demonstrated that they can break into a vehicle by connecting to an OBD port, systems like Automatic or Mojio are still safe.
Automatic’s CEO Thejo Kote explained that his company uses banking-level 128-bit AES encryption when transmitting data and that each encryption key for cars using Automatic is different. So even if someone managed to hack a car with Automatic, they wouldn’t be able to access another Automatic user’s vehicle.
OK, so what can I do?
Keep driving your car like you always do. Stream your Spotify playlist, use your navigation system, and keep listening to your awful drive-time radio.
It’s important to be aware that, despite the minute chance of it happening, your car could be hacked in the future, just like you should be alert that your house could be broken into while you’re at work.
In reality, the chances of your car being hacked far smaller than your house being broken into, but it’s still worth keeping in mind.
So I’ll be fine while driving my car?
As long as you’re not driving through a Mad Max-style hellscape, or next to someone who’s talking on their phone, for now, you’ll be fine.