Cars which lock without using keys can be hacked into as easily as any other computerised device. Just as you lock it with your remote control, the thief blocks the signal and the car remains unlocked. Now the contents can be stolen without attracting attention by breaking a window.
It has already happened in Switzerland, and the piece of equipment thieves use can be bought via the internet – a radio frequency scrambler.
But having your car hacked can also result in it being stolen, pure and simple – and modern cars have multiple vulnerabilities: from the plug for the car’s diagnostic computer to the multimedia functions. The CD and radio, GPS, Bluetooth, WIFI, USB port - they are all doors to hackers.
The hack is always based on the same thing which is making your car believe the thief has the key. Once this has been done using a laptop, the rest is easy.
Professor Jean-Pierrre Hubaux, from the Faculte Informatique and Communications at l’EPFL told euronews: “A hacker could suddenly interfere with the brakes, so that when a driver puts their foot on the pedal it no longer works. In theory a hacker could turn the ignition off by remote control so that the vehicle is immobilised and vulnerable to attack. You could even use it to open bullet-proof glass windows. You could imagine a whole series of scenarios.”
The police have already recorded various car hacking crimes across Europe involving vehicles without traditional keys and the owners have been hard pushed to prove to their insurance companies that they did not leave their cars unlocked.
So IT security for cars is becoming a new specialist field. Computer Security Consultant Paul Such was, in the name of research, able to get hold of the software to operate all the multimedia facilities of a massive limousine.
He explained: “I can really modify the computer system on this car, I can change the icons it uses for example, like the icon warning me that fuel is running low, or the icon for telephoning or changing the sound of the car. The different beeps it makes when there is no more petrol, or to remind me to put my seat belt on, etc. There’s no technical reason to stop me doing all that. So if I can modify all that, it means that I could apply other codes to the car. You could easily imagine a virus, for example, which targets cars.”
A modern car is in fact a computer on four wheels. Dozens of interconnected processors and millions of lines of source code are hidden under the bonnet. The more the car communicates with the outside world, the more vulnerable it is. The equation is logical. But for one specialist, car manufacturers have overlooked security in their enthusiasm for innovation.
Paul Such added: “With mechanical keys, like we had in the past, the risk of theft also existed. The aim is to make the bar high enough so that a car can’t be stolen at all easily. Manufacturers ought to be doing the same things as software companies have done over the past 10 years - making their code secure. Quite simply, this in-car systems need to be tested and improved.”
Today, some large car manufacturers are responding to the hackers. They are starting to react but the most important task is to firewall all the computer information linked to controlling a vehicle and the computer equipment installed in it.