Last year, the same security gurus famously hacked a Jeep Cherokee while it was being driven.
Half of connected cars are at risk of being hijacked by hackers, according to the company that managed to hack a Jeep and steer it off the road last year. Researchers from cyber security firm IOActive were able to take control of the Chrysler Jeep Cherokee from miles away while it was being driven by Wired reporter Andy Greenberg.
A new report from the company claims that some 51% of connected cars could be at risk of a similar takeover. What's more, 71% of the security flaws uncovered could be "exploited without much difficulty, or are almost certain to be exploited", according to the report. Security tests were carried out on cars from the "world’s leading vehicle manufacturers" resulting in three years' worth of data on which the report was based. The company has not divulged exactly which car makers were under scrutiny. Reuters Tesla Motors mass-market Model 3Tesla is due to start selling its Model 3 self-driving sedan car in 2017
"Every system or component that we tested had at least one vulnerability," a company spokesperson told Mirror Online.
The majority of the security flaws were related to network connections, with attackers most likely to focus their efforts on points where data enters the car - including Bluetooth, Wi-Fi and apps. While a cyber attacker could do something as simple as opening or closing the windows or adjusting the temperature inside the car, they could also do something more severe such as tampering with the brake controls.
“The days when a rogue street urchin wielding a coat hanger was the main threat to vehicle security are long gone," said Corey Thuen, Senior Security Consultant at IOActive, who authored the paper.
"As the report shows, we have uncovered a number of 'hair-on-fire' vulnerabilities that could easily be exploited at any moment – so manufacturers really need to wake up to the risks they face in the new connected world. "Glow in the dark Nissan Leaf Hackers managed to breach the app-connected Nissan Leaf car in February
Even worse is the news that these security flaws are unwittingly being built into the cars by the manufacturers from the design level, and are usually unfixable.
To keep drivers safe, car makers could be forced to issue an increasing number of product recalls in future. "Failing to address security at the early development stages could be very costly in the long-run, leading to loss of consumer confidence or even product recalls – a situation that some vehicle manufacturers would find hard to recover from,” warned Thuen.
The report suggests that connected car makers, including brands like Google and Tesla, need to do more during the initial design process to ensure that on-board hardware and software cannot be breached by hackers.