“Many of our enemies are nuclear powers, but any nation with the ability to launch a cyberstrike could kill millions of civilians by hacking cars. It's daunting,” Cappos expressed.
Cappos explained that once hackers are connected to the network, they can communicate with any device and can send messages to the brakes to stop and turn off the power steering. He added that car components would not be able to identify where the messages were coming from and would not be able to tell if these messages were true. (Related: Police could take over your self-driving car.)
He told The Times, as cited by The Daily Mail, that hackers may already be creating accidents now, with the authorities being unaware. With this warning, he urged the government ministers to update their security and to implement laws that will require car manufacturers to issue software updates. Furthermore, unless car manufacturers fix the problem in the next five years, these attacks are inevitable. He also added that this issue should be treated as an urgent matter because the lives of millions of people are at risk.
“If there was a war or escalation with a country with strong cybercapability, I would be very afraid of hacking of vehicles,” he said.
About four years ago, researchers demonstrated they could hack a moving Jeep on a highway by delivering false messages to its internal network, enabling them to make the vehicle turn sharply while it was moving down a country road or allow the researchers to speed up or remotely step on the vehicle's brakes. In fact, a new technique on hacking cars has been revealed, according to a report by Wired.com. Researchers from security firm Trend Micro, along with researchers at LinkLayer Labs and the Polytechnic University of Milan, discovered that there is an underlying security issue in the Controller Area Network (CAN) protocol that is used by car components to communicate and deliver messages to each other within the network of the car. This network would enable a hacker who got in the car internals to turn off key automated components, such as the safety features of cars.
Federico Maggi, from Trend Micro and one of the authors of the research, said that the air bags, anti-lock brakes, or the locks of the doors could be disabled by hackers. He also added that the hacked vehicle could be stolen.
“It's practically impossible to detect at the moment with current technology,” he said.
The researchers also explained that it is a “denial of service” attack that shuts down the components and that this hacking technique is not a fully remote attack, as the hacker needs to have initial access to the network of the car, like through another vulnerability in its infotainment system's Wi-Fi or cellular connection or through an insecure gadget plugged into the on-board diagnostic (OBD) port under the car's dashboard.
“It doesn't depend on a specific vulnerability in some piece of software. It's a vulnerability in the design of the CAN standard itself,” Maggi explained.
Read more stories on hacking and cyberattacks at Glitch.news.
Sources include: