The World's Most Hackable Cars

ancientribe writes: If you're wondering whether the most tech-loaded vehicles are also the most vulnerable to hackers, there is now research that shows it. Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of security intelligence at IOActive, studied modern auto models and concluded that the 2014 Jeep Cherokee, the 2014 Infiniti Q50, and the 2015 Escalade are the most likely to get hacked. The key is whether their networked features that can communicate outside the vehicle are on the same network as the car's automated physical functions. They also name the least-hackable cars, and will share the details of their new findings next week at Black Hat USA in Las Vegas.

The Next Step in Remotely Controlling a Car

[Fnord666]

So this is just a basic attack surface analysis of a networked system. According to the article, the researchers are saying that these vehicles are vulnerable because operational components (brakes, etc.) are on the same network as non-operational components (radio, etc.).

By contrast, the 2014 Jeep Cherokee runs the "cyber physical" features and remote access functions on the same network, Valasek notes. "We can't say for sure we can hack the Jeep and not the Audi, but... the radio can always talk to the brakes," and in the Jeep Cherokee, those two are on the same network, he says.

This does tie in well with and extend their presentation last year where, given access to the car's network, they were able to manipulate its steering and braking systems. The trick will be to subvert one of the remotely accessible systems and then generate the necessary commands on the network in question using that subverted system. Maybe they are saving that presentation for 2015.