It was once true that geeky or just plain bored teens could tinker with junker cars at the local garage and learn the ins and outs via a time-honored method known as trial and error. It’s not that simple anymore: Advanced computers now control nearly every aspect of the driving experience. And a lot of the people doing the tinkering — to hear the FBI say it anyway — are hackers.
On Thursday, the FBI and U.S. National Highway Traffic Safety Administration (NHTSA) acknowledged that cars are “increasingly” vulnerable to cyber attacks, a fact that’s been known in the automotive industry for some time and was highlighted in July when a hacker remotely shut down a Wired writer’s car on the highway.
What’s interesting is that the “increasing” threat isn’t just a product of Android and Apple integration. Cars increasingly rely on advanced computer systems found under the hood called Engine Control Units. These boxes are incredibly powerful and use a multitude of sensors to adjust an engine’s actuator to improve fuel efficiency and emissions. They also control some of the car’s most basic functions, including steering, breaking, and windshield wiper controls. Today ECUs are some of the most powerful commercially available computers on the planet. ECUs in the newest cars contain more than 100 million lines of code, twice as many as the Large Hadron Collider. (Whether that represents good engineering or not is a different question.)
Because ECUs are hooked into safety features such as forward-collision warning systems, automatic emergency braking, intelligent speed assist, and blind spot warning systems, the plans for these things are generally kept private out of concern for drivers’ safety. Wireless systems and diagnostic ports are among the most vulnerable according to the FBI, because they involve communication with outside entities, not just internal systems. This means hackers are most easily able to access keyless entry, ignition control, tire pressure monitoring, navigation, and entertainment systems.
As ECUs only continue to grow in scope with self-driving cars coming in the near future, the FBI and NHTSA are hoping to better inform the public of these potential threats as automakers continue to issue recalls and update software to protect against vulnerabilities.