Vehicle technology and in-vehicle electronics have been fast moving developments over recent years, with modern vehicles becoming more dependent on Electronic Control Units (ECUs) to govern the majority of on-board vehicle functions.  Couple this with an increased level of communication with infrastructure outside of the vehicle (off-board), and it is possible that these vehicles have now been left vulnerable to electronic hacking attacks.

While these technological developments have no doubt helped to improve the performance, emissions, safety, and convenience aspects of the vehicle, computer software experts claim that the security of these connected ECUs against malicious manipulation has not been given as much consideration. Convenience systems such as navigation and remote diagnostics are often able (and are sometimes designed) to communicate with security and safety critical systems even over parallel networks.

The on-board communications are not designed to prevent unauthorised access, as the wide variety of aftermarket diagnostic tools proves.  Opening external channels to these vulnerable networks may give a hacker access to the vehicle’s central nervous system via the CAN Bus if they could successfully break through the off-board systems or communication protocols.  Research teams have already proven that vehicle hacking is possible both through wired and wireless connections to the vehicle; exerting control over systems including the engine, the brakes and the ignition.

Summary of Possible Hacking Access Routes

Increasing in-vehicle electronics and wireless connectivity will only increase the opportunity for hackers to access the vehicle.  Vehicle Manufacturers and Suppliers need to seriously consider the security protocols integrated into the vehicle to ensure that this level of control cannot be achieved.  SBD's latest report Can Thieves Control My Car? Hacking Attacks on Vehicle Security Systems explains the current threat level and separates myth from fact regarding what thieves are currently capable of doing and what they may be capable of achieving in 7 years time with advances in vehicle architecture and advances in tools and techniques available to thieves.

SBD cautiously predicts an increasing threat from this type of attack, and recommends within this report that study is made into partitioning security and safety systems from communication routes which a thief may utilise, stronger software protection within the on-board systems, and that security is considered in the initial design concept. To buy this report contact Alessio at ABallatore@sbd.co.uk.