Cars with mechanical functions and connective functions operating on the same network are the most vulnerable to hacking.
The 2014 Jeep Cherokee, 2015 Cadillac Escalade and 2014 Infiniti Q50 are among the most “Hackable Cars,” according to researchers Charlie Miller and Chris Valasek.
Valasek and Miller will present findings at the Black Hat USA global security event in Las Vegas on Wednesday.
As cars become more connected and reliant on electronic aids for everything from entertainment to steering, they also become much more vulnerable to invasive remote attacks, where a hacker could take control of functions remotely.
That’s the message Dr. Charlie Miller and Chris Valasek will deliver to the Black Hat USA event in Las Vegas on Wednesday, along with a list of vehicles that make it easy for hackers to remotely take control of automotive functions.
According to Miller and Valasek:
The 2014 Jeep Cherokee operates both “cyber physical” features and remote access functions on the same network. “We can’t say for sure we can hack the Jeep,” says Valasek, but in the 2014 Jeep Cherokee, “the radio can always talk to the brakes,” as they operate on the very same network.
Similarly, the Infiniti Q50 also operates its telematics system, Bluetooth, and radio functions on the same network as the car’s engine and braking systems.
Intuitively, the cars with the least amount of integrated systems on the same network are the least hackable. Miller and Valasek point out that cars like the 2014 Dodge Viper, and the 2014 Honda Accord have steering and engine management systems that are isolated from other systems.
The pair single out the 2014 Audi A8 as one of the least hackable cars. “Each feature of the car is separated on a different network and connected by a gateway,” Valasek says. “The wirelessly connected computers are on a separate network than the steering, which makes us believe that this car is harder to hack.”
Valasek and Miller raised the public consciousness about the vulnerability of some cars to hacking when they successfully controlled the steering, braking and even seat belt tension of a 2010 Toyota Prius and a 2010 Ford Escape in a video from 2013.
The team never received a response to the videos from either Ford or Toyota, but the Alliance of Automobile Manufacturers and the Global Automakers have recently announced plans to address concerns over security.