Corvette hack is one more reason to be wary of connected cars
A cheap, Internet-connected dongle placed in cars by insurance companies let researchers take control of various systems inside a 2013 Chevy Corvette. The flaw has since been patched, but it's just the latest incident in a string of hacks involving connected cars.
Researchers have hacked into cars from multiple automobile makers, including Fiat Chrysler and Tesla, and now there’s been a controlled hack of a Chevy Corvette, which cut out its brake functionality and demonstrated clear vulnerability.
This latest hack comes out of a security conference where a group of researchers from the University of California at San Diego (UCSD) revealed a technique that let them wirelessly hack into autos and trucks via a small, connected dongle found in thousands of modern vehicles. (Wired.com first reported news of the frightening exploit.) The dongle plugs into car and truck dashboards, and it is used by insurance companies and trucking fleets to monitor the locations, speeds and efficiency of vehicles. Uber also offers the devices to its drivers as part of its discount insurance program.
Connected dongle to blame for ‘Vette hack
The problematic dongle connects to the Internet, so it’s possible for hackers to send it a short SMS message that then moves through the vehicle’s internal computer network. Older cars don’t have computer networks, but many newer vehicles do as automakers push the concept of “connected cars.”
The dongles “provide multiple ways to remotely … control just about anything on the vehicle they were connected to,” Stefan Savage, a UCSD researcher, told Wired.com. The researchers demonstrated their proof-of-concept attacks on a 2013 Corvette, messing with its windshield wipers, and both activating and cutting its brakes. (Check out the video below for more details on the hack.)
The company that makes the dongles says it already patched the security hole. However, other similar devices still aren’t secure, the researchers say, and the hack demonstrates how simple it is to attack a car that is connected to the Internet.
Connected-car hacks spotlight IoT risks
Automakers and federal regulators are taking the issue seriously. Last month, Fiat Chrysler agreed to recall 1.4 million vehicles that could be susceptible to remote hack attacks. The recall came a few days after researchers teamed up with a reporter to show how a Jeep Cherokee could be controlled wirelessly from miles away.
And just last week the Financial Times reported that researchers discovered six significant flaws in Tesla’s Model S that could allow hackers to take control of the vehicle, including one issue that let them turn the car off while it was driving at a low speed.
There’s a lesson here that extends beyond the realm of connected cars. More and more items, including many in the home, connect to the so-called “Internet of Things” (IoT). Some vendors are so eager to sell their connected wares that security becomes something of an afterthought — if it’s thought of at all.
It’s smart for consumers to consider the devices they purchase and then connect to the Web, and to not rush to be an early adopter. After all, computers and the Internet have been around for decades, and they are still subject to frequent hacks. I don’t mean to be an alarmist. Serious hackers generally seek financial information or government securities, not thrills. Even so, the threat of being hacked when driving down the interstate at 65 mph is real, and it’s scary.
San Francisco journalist Bill Snyder writes frequently about business and technology. His work appears regularly in CIO.com and the publications of Stanford's Graduate School of Business and the Haas School of Business at the University of California at Berkeley. He welcomes your comments and suggestions.