If you drive a 2014 Jeep Cherokee, Infiniti Q50 or a 2015 General Motors GM Cadillac Escalade, you may not be as in control behind the wheel as you think you are.
These three automobiles were dubbed “most hackable” by researchers, Charlie Miller and Chris Valasek, in a report titled A Survey of Remote Automotive Attack Surfaces.
According to Miller and Valasek, ratings were determined based on three factors: attack surface, network architecture and cyber physical features.
Related Link: General Motors And Toyota: History Repeating Itself?
-
Attack Surface
- The “attack surface” refers to hacking entry points including Bluetooth, Wi-Fi, cellular network and keyless entry systems. These systems could potentially be used to find and exploit security vulnerabilities in the automobile’s control network. Network Architecture
- This factor has to do with how much access is given to critical systems including steering, brakes and acceleration. The more access given, the more ways a hacker could disrupt the normal operation of the automobile. Cyber Physical Features
- Finally, Miller and Valasek identified the number and makeup of features like automated braking, parking and lane assist. Disruption of these features by a hacker via false digital commands could cause a car to go out of control.
Infiniti Q50
The main problem with the Nissan Infiniti Q50 was the model’s network architecture, according to the report.
According to Miller and Valasek, wireless features such as remote keyless entry, Bluetooth, cellular, wireless tire pressure monitoring and a “personal assistant” app, were all directly connected to both engine and braking systems, making the car especially vulnerable to manipulation.
Jeep
The 2014 Jeep Cherokee was found to be vulnerable in all three areas. In addition to many of the problems exhibited by the Infiniti, the Jeep was shown to have a parallel parking assistance feature that the researchers said could potentially be triggered at high speeds.
The attack surfaces on the Jeep were also cited. The report pointed out that the number of Electronic Control Units (ECUs) on the Jeep Cherokee has more than doubled over the past four years. To a hacker, an ECU could be an attack surface.
Escalade
The report suggested that both the Jeep Cherokee and the 2015 Escalade share a security flaw. Apps, such as Bluetooth and telematics that connect the car to OnStar or another cellular network are on the same network as steering, brakes and other engine control systems.
A hacker, they suggest, could potentially exploit this vulnerability via a surface attack to take control of the car or disrupt important safety systems.
Related Link: Toyota's New Fuel Cell Car Does Not Impress Tesla's Elon Musk
Carmakers Respond
Chrysler spokesman, Eric Mayne said, “Chrysler Group will endeavor to verify these claims and, if warranted, we will remediate them.”
Nissan told Reuters it was reviewing the report’s findings and said there was "no indication" Miller and Valasek attempted to exploit any cyber vulnerabilities in the Infiniti Q50.
General Motors did not respond to Reuters requests for comment.
Not So Fast
It’s important to note that neither Miller nor Valasek actually hacked any cars for this report. They simply analyzed various technical manuals and wiring diagrams in an attempt to reveal potential security flaws and vulnerabilities.
In addition, the pair said that they could not say for certain that those they considered “most hackable” actually were.
At the time of this writing, Jim Probasco had no position in any mentioned securities.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
