When a couple of “white-hat” hackers managed to remotely take control of a Jeep Cherokee while moving along a highway a few weeks ago, disabling several of its functions, the ongoing debate over the vulnerability of modern cars to hacking attacks started to get much more heated than ever before. The manufacturer of the Cherokee, Fiat Chrysler Automobiles (FCA), decided to recall over 1 million vehicles over hacking risks, including Jeeps, Rams, Dodges and Chryslers, and the security of every car equipped with a built-in infotainment system was immediately brought into question.
Multiple Vulnerabilities
With modern vehicles’ online vulnerabilities being one of the hottest topics in the automotive world for a couple of months now, forensic engineering services company PT&C/LWG decided to do a research and compile a list of cars that are most and least susceptible to remote hack attacks. The company published the results of its analysis in a report that unsurprisingly puts the 2014 Jeep Cherokee at the top of the list of most vulnerable cars to hack attacks. Researchers analyzed numerous potential vulnerabilities of various late-model vehicles, focusing on the security of their Internet connections and some other technologies that hackers might use to gain remote control of specific vehicle systems.
They ranked the cars based on which of their systems hackers would be able to access if they managed to break into their computers remotely, and how many systems are potentially exposed to attacks.
The Cherokee Most Vulnerable Because of Its Infotainment System
The Jeep Cherokee was ranked as the most hackable vehicle after hackers Charlie Miller and Chris Valasek demonstrated just how vulnerable its Uconnect system is, taking control of its steering, braking, transmission and other vital systems. The report notes that the Uconnect platform provides WiFi and 3G connectivity, with hackers being able to access the Cherokee’s braking system, adaptive cruise control, engine, parking assistance, and lane-departure warning system, which makes it extremely vulnerable to attacks.
The 2014 Infiniti Q50 is the second most hackable vehicle, with the Infiniti Connection System offering Bluetooth connectivity, a cellular network and AM/FM/XM radio. The manufacturer has discovered a fault in the car’s Direct Adaptive Steering software, which is why it was recalled in 2013. The car’s driver assistance, adaptive cruise control, and remote keyless entry could all be accessed remotely by breaching the Infiniti Connection System.
The main issue with the third most hackable vehicle – the 2015 Cadillac Escalade, is the fact that the telematics, the Bluetooth and the car’s apps share the same network with the engine controls, brakes, steering and tire pressure monitoring system, which means that if someone enters the telematics system, they would gain control of virtually every other system within the vehicle.
Toyota’s Safety Connect System’s vulnerability is what put the 2010 and the 2014 Toyota Prius at the fourth place of the list of most hackable cars. By breaking into the built-in infotainment system, hackers could take control of the car’s pre-collision systems, brakes, keyless entry, steering system, and self-parking system.
Rounding out the top five most hackable vehicles is the 2014 Ford Fusion, with researchers saying that it could be hacked through the wireless connection provided by the car’s SYNC system, allowing hackers to take control of several systems.
The report offers several suggestions to car owners as to how they can protect their vehicles against hack attacks. Researchers advise consumers to make sure their software is updated on a regular basis, get familiar with all high-tech features that are available in their vehicles, and do their best to secure passwords and network information related to their cars’ telematics system.