GO
Loading...

Car hacking: The next global cybercrime?

Friday, 18 Oct 2013 | 1:03 AM ET
Onur DAngel | E+ | Getty Images

As modern cars evolve towards becoming fully autonomous, security experts are warning of a new form of cybercrime: Car hacking.

Car hacking- --where criminals can either remotely directly or take control of your car from their laptops – has become a bigger and bigger headache for car manufacturers and law enforcement bodies as in-car technology becomes more sophisticated.

There are already thousands of semi-autonomous cars already on the market that contain in-car computer systems, or electronic control units (ECU), responsible for safety functions such as detecting skids, predicting crashes and performing anti-lock braking.

By 2020, car makers predict that cars could become fully autonomous and manufacturers such as BMW have already created self-driving cars.

(Read more: Driverless cars coming but consumers not ready yet)

However, along with other computer systems, in-car technology is not hacker-proof, as tests by academics and "white hat" hackers – those that break into computer systems to highlight security issues -- have shown.

Demonstrating their Pentagon-funded work at the global "DefCon" hackers conference in Las Vegas in August, Charlie Miller and Chris Valasek showed global security experts in attendance how they could take control of a 2010 Toyota Prius and Ford Escape model using just a laptop.

They were able to remotely take control of the cars' electronic smart steering, braking, displays, acceleration, engines, horns and lights. They could even make the fuel tanks show a full tank of gas when there wasn't. To top it all, they did all this using an old Nintendo handset.

"Automobiles are no longer just mechanical devices. Today's automobiles contain a number of different electronic components networked together that as a whole are responsible for monitoring and controlling the state of the vehicle," Miller and Valasek stated in their research -- "Adventures in Automative Networks and Control Units".

"Drivers and passengers are strictly at the mercy of the code running in their automobiles and, unlike when their web browser crashes or is compromised, the threat to their physical well-being is real," the authors stated.

"You cannot have safety without security."

In 2011, researchers at the University of Washington and the University of California-San Diego were able to wirelessly hack into cars, though they withheld details of which cars they were able to "own" for fear of their knowledge being used by criminals.

(Read more: Americans wantself-driving cars built by tech firms)

The potential danger of car hacking and its use by criminals has not been lost on law enforcement bodies in both Europe and the U.S., where the National Highway Traffic Safety Administration (NHTSA) has launched an auto cybersecurity research program investigating car hacking.

The director of the Europe's Cybercrime Centre, a body within the European Union's law enforcement agency Europol, told CNBC that the potential for in-car technology to be hacked and used for organised crime, revenge, profit and competitive advantage was great.

"We are very concerned about the direction of car hacking," Troels Oerting told CNBC on Thursday. "Everyone [in the car industry] wants to make cars more helpful -- for them to help with steering, parking, breaking and even driving -- but if you do this the downside is that someone will try to use this to their advantage and for criminals, this would generally be for profit or revenge."

"Wireless technology is integrated into practically everything nowadays and if there's wireless access to anything there's a possibility to remotely control it," Oerting warned.

"We have already seen electronic devices being used to get into cars to steal them but the next step we could see is someone able to manipulate the car, steer and brake while you're in the car and without your knowledge," he said.

If a car could be remotely accessed, then, what was to stop organized crime groups "eliminating" their enemies by literally driving their car remotely off a bridge or cliff, Oerting said. In countries where carjacking was common, such as South Africa, remotely accessing the in-car technology could allow criminals to stop and open car doors very easily.

Oerting said that car manufacturers were aware of the issues and that ultimately they were liable for the security – or lack thereof -- of their vehicles.

Following the "hacks" by white hat hackers Miller and Valasek in Las Vegas this summer on the Ford and Toyota cars, the automotive industry has been keen to respond and reassure consumers that they are tackling the security issues in their vehicles.

A spokesman for Ford Motors, Craig Daitch, told CNBC that "while an attack by a hacker who obtains physical access to a vehicle for a prolonged period of time is difficult to completely diminish, Ford has made strides in limiting the ways a hacker can fully take control of a vehicle."

(Read more: Google Futurist: Driverless Cars on Track)

Toyota's public affairs manager, Cindy Knight, said meanwhile that "cyber-security is an important issue for the entire automotive industry, from automakers to suppliers to the agencies that oversee motor vehicle safety," she told CNBC.

"At Toyota, we take seriously any form of tampering with our electronic control systems. We strive to ensure that our electronic control systems are robust and secure and we will continue to rigorously test and improve them," she said.

Despite their reassurances, however, there is no guarantee that a computer system is hack proof. "You will never know when criminals' knowledge keeps up with the improvements to the technology," Europol's Oerting said.

"It's important that consumer and carmakers are aware of the downside to technological developments. You need people to be able to drive using this technology without fearing every five seconds that your car will be taken over."

- By CNBC's Holly Ellyatt, folow her on Twitter @HollyEllyatt

  Price   Change %Change
F
---
7203.T
---

Featured

Contact Crime

  • CNBC NEWSLETTERS

    Get the best of CNBC in your inbox

    › Learn More

American Greed

  • "$UDDEN DEATH"/ "HIP HOP HUSTLE" - NCAA basketball coaches are among the victims who get financially slam dunked in a $39 million scam out of Houston. And a wannabe rap star claims he's working with a famous Hollywood star to collect money to produce a movie about his 'gangsta' life. But there is no movie only hip-hop star livin'.

  • With investigators eager to confirm that Joel Salinas is running a $39 million investment fraud, he runs out of options and sets off on a final escape.

  • The $1.5 million raised to produce a movie was a scam. Instead Eric Jagclicic spent investor money on fancy cars, exotic pets, and more.