It’s an area of increasing concern for the FBI and a practice Michigan politicians are cracking down on: car hacking. Now, experts at the world’s largest hacking convention claim companies are right to be concerned, as these hacks could cause serious damage.
“Car companies are finally realising that what they sell is just a big computer you sit in,” said Kevin Tighe, senior systems engineer at Bugcrowd. Tighe is one of the researchers that spoke to The Guardian outside Defcon 24, a hacking convention held in Las Vegas, where a number of teams met up to discuss the latest in car hacking breakthroughs.
One possibility explored was jamming the sensors of self-driving cars. A worrying attack on the Tesla’s autopilot system led the computer to believe that it couldn’t detect anything because there was nothing there, rather than activating any sort of fail-safe.
Another issue raised, in systems that did have strong safety features, was whether those features could be disabled. Two hackers discovered that, by working out how different components speak to each other, they were able to mimic the car’s controls instead of overwriting individual settings. This meant that, rather than having to place the test Jeep in diagnostic mode, they could make changes during standard driving.
Car hacking is a rapidly growing area of interest for researchers, but not all of it is malicious. Last month, the 11th Hackers on Planet Earth Convention held a panel on car hacking in New York City, where Eric Evenchick, creator of open source tool CANtact, explained that consumers may want to hack their own cars to increase performance or fine-tune power steering.
But there is doubt around whether there’s really an incentive for hackers to break into a car’s computers and fiddle with the handling. Criminal activity is far more likely to stay focused on actually stealing the vehicle. “One thing that hasn’t been addressed very well is motive and risk,” Evenchick told Inverse after the panel had concluded.