The FBI has officially let us know of a new thing to worry about: hackers taking over your internet-connected vehicle. Via Wired comes this warning issued by the Federal Bureau of Investigation on Thursday: "Motor Vehicles Increasingly Vulnerable to Remote Exploits."
The FBI notice acknowledged research from 2015, when security researchers Charlie Miller and Chris Valasek proved they could take remote control of a 2014 Jeep and render the driver helpless. It then noted just how deeply integrated computer systems are in modern cars before getting to the nitty-gritty—just how a hacker with the wrong set of equipment and knowledge could mess up your Sunday drive to grandma's:
Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port. In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle. Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems.
What does all that mean? Depending on the targeted auto's speed, the FBI says it means a hacker could do anything from kill a driver to simply harass them off the road. At low speeds, the FBI advisory indicates researchers have been able to disable brakes and steering and simply shut off the engine. However at any speed the following could be taken out of commission:
- Door locks
- Turn signal
- Radio, HVAC, GPS
In many respects, the advice given by the FBI about safety measures is the same safety advice any computer user might receive. The Bureau advised consumers who own vulnerable vehicles to keep the vehicle's software updated, to be extremely careful about modifying automotive software in any way, be wary of third-party equipment (dongles from your insurance company, telematics that link to your phone for diagnostic apps, etc), and perhaps most importantly, be wary of strangers.
That is, if you wouldn't let any random person take a look at your unlocked smart phone or laptop, why would you let the same rando you have no reason to trust noodle around with your car's electronic brains?
So far, apart from known instances when researchers proved car hacking was possible, has there been a case of it occurring in the wild? Apart from conspiracy theories surrounding the death of journalist Michael Hastings, it doesn't look like it has advanced past the research stage.
Unfortunately, the undertone of the FBI's warning seems to indicate that it's only a matter of time before it does. There may be a market for disconnected, "dumb" cars in the future after all.