Are Connected Cars Safe?

A 14-year-old just hacked into a connected car—with $15 worth of Radioshack equipment. How will the auto industry grapple with the threat of hacking?

tech mechanic laptop

At this point, there is no question that truly connected cars are in our immediate future. Some tech is already here; some is on the imminent horizon. The question is not so much when, as how: How will we handle safety and protect drivers from cyber-security issues in a new age of connectivity among autos? And are connected cars safe, really?

Hack City

That question likely rang more loudly inside some skulls after a 14-year-old hacked into the car of a major automaker with nothing more than $15 on parts from Radio Shack. It was part of a demonstration called the CyberAuto Challenge Event, which won’t release the name of the brand of the affected car, or the whiz kid behind the hack.

The 14-year-old was charged with attempting a remote infiltration of a car, which experts say can take weeks or even months of planning. The student simply made a trip to Radioshack, spent one long night hard at work, and came back the next morning able to control the car in question. He could turn the windshield wipers on and off, lock and unlock the doors—even engage the remote-start feature. Just to be cruel, apparently, he made the lights flash on and off to the beat of the song playing from his iPhone. And he left a horrified audience in his wake.

A 14-year-old hacked into a connected car using $15 of equipment from RadioShack.

“It was a pivot moment,” Dr. Anuja Sonalker, lead scientist and program manager at Battelle, told AutoBlog‘s Pete Bigelow. “For the automakers participating, they realized, ‘Huh, the barrier to entry was far lower than we thought.’ You don’t have to be an engineer. You can be a kid with $14.”

It should be noted that no critical functions like steering, braking or acceleration were compromised. But just last week, Sen. Ed Markey of Massachussetts released a report criticizing automakers’ general readiness, noting that just two of 16 surveyed car companies had a plan for how they would respond to a real-time hack of one of their cars.

Markey’s other findings were also excerpted in AutoBlog:

  • Nearly 100 percent of new cars sold in the U.S. contain technologies that expose them to hacking or privacy intrusions.
  • Only two manufacturers could describe their capability to diagnose or meaningfully respond to a real-time infiltration, and “most say they rely on technologies that cannot be used for this purpose at all.”
  • Measures to prevent hacks are “inconsistent and haphazard” across the industry, and many manufacturers didn’t seem to even understand the questions posed by Markey and his staff.
  • Of the 12 companies that responded to a question on how they secured new software deliveries, all began with a presumption that a hacker couldn’t access the same technologies that ordinary mechanics possess.

Safety’s Reach

Safety, of course, has a number of far-reaching tangential consequences, including car insurance: It stands to reason that if connected cars are easily compromised, insurers would view them as a higher risk.

Bruce Schneier, CTO of Co3 Systems, broke the tech part of connected car safety down for AutoBlog: The average American car on the road is 11.4 years old. “If I gave you a 15-year-old computer, it would be horribly insecure, and we don’t really know how to deal with that yet,” he told Autoblog. “In a lot of ways, the auto industry is like the computer industry 15 years ago. It hasn’t fully realized what it means to try and keep a computer secure. You get updates once a month for Windows. Do you have to get that for your car? Probably.”

Previous articleShould Price Optimization Be Illegal?
Next articleTop 10 Cars in Fiction
I'm a Texas-based Kansan who misses seasons but loves breakfast tacos. My journalism and short stories have been published all over, including at Popular Mechanics, USA Today magazines, SELF magazine and Black Warrior Review. I have an MFA in fiction, but I'll stick to the truth at Quoted.