Exploits & Vulnerabilities
Top Car Models Prone to Hacking by Consumer Watchdog
Non-profit, progressive organization Consumer Watchdog recently published its “Connected Car Report 2020: The Models Most Open to Hacks”, listing the top best-selling cars of the year prone to hacking.
Non-profit, progressive organization Consumer Watchdog recently published its “Connected Car Report 2020: The Models Most Open to Hacks”, listing the top best-selling cars of the year prone to hacking.
The advocacy group's report evaluated the technical specifications of each connected car and surveyed dozens of sales departments and services technicians at major car manufacturers. According to the report, the listed cars have features for internet connectivity and systems and no known method to disconnect those systems. This leaves automobiles at risk of hacking.
According to Consumer Watchdog, the top ten hackable vehicle models are Ford F-150, Dodge Ram 1500, Chevy Silverado, Toyota Rav 4, Honda CRV, Nissan Rogue, Chevrolet Equinox, Toyota Camry, Honda Civic, and Toyota Corolla.
“World’s Most Hackable Car”
Consumer Watchdog also listed Tesla as the world's most hackable car. The report said that despite Tesla's claims about the security of its connected cars, a hacker was able to gain access to the company's fleet and remotely accessed the safety critical system of every car.
Jason Hughes hacked Tesla's servers, sending commands to any car, given just its VIN. Hughes could move the cars in a short distance. He informed Tesla about the vulnerability, and the company paid him $50,000 for the information and fixed it. However, Tesla did not inform the public and regulators.
The report also said that Tesla's Over The Air (OTA) updates are unsafe. In 2016, Tesla's Model S was hacked by Keen Labs, enabling the hackers to control the car's brakes, among other things. Despite the company's improvement of their automobile's security after the incident, Keen hacked Tesla cars for a second time a year later.
In 2018, Tesla exploited the OTA update ability, releasing the Model 3 to the public even before the software was fully tested. Later in the same year, a botched OTA update can into the light. It caused Tesla's Autopilot system to stop working.
Identifying the vulnerabilities connected cars have is important to make them safer, especially as they become a bigger part of people's daily lives. To learn more about the security blind spots of connected cars, check out TrendMicro's “Driving Security Into Connected Cars: Threat Model and Recommendation”. The research listed the threat model for connected cars and guidelines on how to protect them.