Car Hacking
Modern cars contain dozens of computers (ECUs) connected via CAN bus. Security researchers have demonstrated remote takeover attacks, including disabling brakes and steering. The automotive industry is now implementing security-by-design.
The Jeep Hack Demonstration
In 2015, security researchers Charlie Miller and Chris Valasek made headlines by remotely hacking a Jeep Cherokee via its Uconnect infotainment system. They could control the radio, climate control, windshield wipers, and most critically—steering, brakes, and transmission.
Attack Vectors
Cars present multiple attack surfaces:
- OBD-II Port: Direct access to CAN bus, used for diagnostics and flashing ECU firmware
- Infotainment: Connected to CAN bus, vulnerable to malware and remote exploits
- Bluetooth: Can contain vulnerabilities enabling code execution
- Wi-Fi: Passive monitoring mode can capture packets
- Cellular: Telematics units provide remote connectivity
- USB: Malicious charging cables or infected software updates
The CAN Bus Exploit
Once on the CAN bus, an attacker can spoof any ECU message. Brakes are controlled by a simple CAN message—there's no authentication or verification that the message came from the brake module. This fundamental vulnerability affects most vehicles.
Industry Response
After the Jeep recall, the automotive industry took security seriously. ISO/SAE 21434 (2021) defines cybersecurity engineering requirements. General Motors, Ford, and others now have bug bounty programs. Secure gateways, hardware security modules (HSM), and secure boot are now standard in new vehicles.