Alexis Ternoy
Alexis Ternoy 26 November 2015

SuperHack: What The Zero-Day Exploit Means For Your Daily Commute

Why there is just no way we'll ever keep hackers out of our cars.


Attendees at DefCon conference in Las Vegas last month sure had a lot to feel smug about. With the GM and Chrysler car-hacking stories fresh on the minds of the the general public, hackers were once again in the mainstream spotlight.  Only this time it wasn’t just about big corporation data breaches…it was something that could affect everyone’s daily commute.

With the encroachment of the connected lifestyle into the vehicles we drive, experts are having a hard time keep ahead of security risks.  This past July, Wired Magazine published an article describing what a mid-commute car hack would feel like.  Two weeks later, the Washington Post picked up the story and it went large.

The story?  Reporter-turned-crash-test-dummy Andy Greenberg volunteered to have his drive through busy St. Louis highways hacked en-route and the results were unsettling. Hackers were able to control every aspect of the Jeep Cherokee Greenberg was driving, including the accelerator and the brakes.

Should you be worried?

Car hacking has been on the minds of tech-savvy readers for years now.  We used to simply worry about hackers stealing our cars but now with the Greenberg story we’re worried our next road trip will turn into a fatal disaster.  Hacking can have many outcomes, but the reasons we used to think we were immune no longer reassure us.

For many the answer for a hack-proof car has been one or both of the following things:

  • keyless entry cars
  • electric cars

Keyless cars seemed impervious to hacking because they require presence of the key fob in order to run.  Electric cars were simply impossible to hotwire because the technology of the car is completely different.  The “wires” you need to connect would fatally electrocute you.

Keyless cars and hacking

Owners of keyless cars originally loved the idea that their vehicle could never be hot-wired.  Matching computer chips from the car and the keyfob must be near each other in order for the car to start…you can connect all the wires you want but unless that keyfob is there, no dice.

But now that’s been proven wrong.

Just this week, news broke that Volkswagen keyless entry cars were vulnerable to hacking…and the car manufacturer has known about it since 2012!  Seems the apps used by keyless car owners are vulnerable to hacking, allowing coders to “learn” the codes used by the chips used to start the car.  No fob, no problem.

Electric cars and hacking

Electric cars have traditionally been though of as hotwire-proof.  That’s because they require a continuous loop of current in order to keep moving…one which, without the keys to the car, must be made by hand.  This requires genius-level knowledge, disassembly of the car, and lots of luck…oh, and the ability to withstand many amps of current running through your body as you complete the loop of current required to run the car while your partner drives it away.   In case you need to brush up on the properties of electricity, it’s not something you want to happen.  Count on having to wire yourself up to the car every time you need to drive it, too.

Now, however, hacking an electric car has been done via laptop.  Of course this still requires access to the car so you can plug into the dashboard, but that problem is far less troublesome than the problems arising from electrocuting yourself during your theft operation.

The irony here is that your Tesla might still be “hotwire proof” if only it didn’t have web capability!

Browser updates have never been so important

The Tesla car hack was carried out through the browser used by the car’s infotainment system.  In this incident, it was an outdated browser which contained a vulnerability security teams have known about for more than four years.  Found in Apple WebKit, the vulnerability is called the Zero Day Exploit. 

Webkit vulnerabilities can be found in Apple Safari, Android and Ubuntu, but the Teslas ran an outdated version of Safari.  This back-door vulnerability has also exposed millions of Playstations, Android phones, and BlackBerries, as well as a host of other devices.  Hackers gleefully install Trojans or anything they like, giving them control of the device.

It’s one thing to have your Grand Theft Auto vehicle taken over, but your actual car?  Unthinkable.

It all comes down to what could be described as human error

The chips in the Volkswagens described earlier were using outdated encryption, exposing the security code to hackers.  In this case, the breach means the car can be stolen but not controlled remotely.

Still, it highlights the unsettling fact that even with teams of highly paid experts designing the most technologically advanced cars in the world, it all came down to human error.  After all, a simple matter of failing to have the latest version of encryption technology?  That’s like failing to update your virus software.

And in the case of the Zero Day Exploit used by Tesla hackers…this is truly unforgivable, given this breach is five years old.  By any definition, the Zero Day Exploit is ancient history in hacker world. The thought that an outdated browser paved the way for hackers to use this ancient relic is more than unsettling…it’s unacceptable!

It just goes to show that car manufacturers aren’t investing enough money into hack-testing the computer systems in their cars.  Universities, security firms, and startup hackers are the people discovering the security breaches, not GM, Chrysler, or Tesla.  And in the case of Volkswagen, it was actually employees of Volkswagen who discovered the flaw…but VW chose to sue them instead of thanking their lucky stars the flaw wasn’t discovered first by outsiders.

Hackers will never be stopped as long as car companies allow this amateurish level of oversight to occur.  Heck, we can’t even stop car companies from issuing cars with deadly mechanical flaws…how will we ever force them to be on top of their game with cyber security?  We have to face facts: there’s just no way we’ll ever keep hackers out of our cars.


Original Article


Read More On Digital Doughnut

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
Infographic: 5 Key Findings from the Content Marketing Maturity Report

Infographic: 5 Key Findings from the Content Marketing Maturity Report

A new report from London Research and ContentCal explores how content marketing leaders are able to excel at this discipline, and reap the rewards. The infographic below summarises five of the key findings.

Linus Gregoriadis
Linus Gregoriadis 18 October 2021
Read more
Top 10 B2B Platforms to Help your Business Grow Worldwide

Top 10 B2B Platforms to Help your Business Grow Worldwide

Although the trend of a Business to Business portal is not new but the evolution of technology has indeed changed the way they function. Additional digital trading features and branding has taken the place of...

Salman Sharif
Salman Sharif 7 July 2017
Read more
Top 10 Skills to Become a Rockstar in Digital Marketing

Top 10 Skills to Become a Rockstar in Digital Marketing

Technology is continuously evolving, prompting marketers and entrepreneurs to dive into digital marketing to increase brand awareness, reach their target market, and ultimately drive sales and profit. 

Jessica Andriani
Jessica Andriani 7 September 2018
Read more
How to Encourage Customers to Post Photos about Your Brand

How to Encourage Customers to Post Photos about Your Brand

Visuals impact buyer behavior – there’s no doubt about it. But not just any visuals will have the impact you planned on your eCommerce marketing strategy. If the only images your customers see in relation to...

Luisana Cartay
Luisana Cartay 8 June 2016
Read more