We're already in the future when it comes to tech-filled cars with autonomous capabilities and things are only going to get more advanced. Soon our cars will be talking to one another and the environments around us. As with all new inter-connected technologies, there's a worry over security.
Have cars really been hacked already?
In 2015 Chrysler had to recall 1.4 million vehicles when a pair of hackers, Miller and Valasek, demonstrated how easy it was to remotely hack into a Jeep. They were able to paralyse it on a highway and even disable the brakes at low speeds. The same pair have more recently been able hack a Jeep's steering.
Blackberry's recent acquisition QNX - which makes software for more than 60 million cars - has also come under fire as a potential target for the CIA to hack, according to documents released by WikiLeaks. The intelligence agency's Embedded Devices Branch identified QNX as one of several 'potential mission areas'.
The vulnerabilities of cars with keyless entry have been well documented with Toyota, Infiniti, BMW and Audi all affected. Experts say these vulnerabilities have already been exploited and is evidenced by real security footage.
The good news is that to hack the majority of cars you need to install a piece of hardware so it's unlikely you're at risk of a random attack.
What are companies trying to do to keep our cars safe?
It'd be silly for car manufacturers not to take this threat seriously but, for obvious reasons, we don't hear much about what they're doing. Firstly as not to admit their own vulnerabilities and secondly not to give too much information away.
There's an organisation called Auto-ISAC (Automotive Information Sharing and Analysis Center) that looks at the security surrounding connected vehicles. It promotes collaborative cyber security efforts within the auto industry.
While Auto-ISAC doesn't publish its member list, it's open to manufacturers of cars, software and parts related to the transfer of information.
The US has called for automakers to make steps to protect their cars but at the moment these are just guidelines and not enforceable rules.
Alongside Chrysler, BMW and Tesla have also disclosed actions to fix potential security gaps.
Three car manufacturers currently either offer bug bounties or run coordinated disclosure programs, which provide independent researchers (hackers) with the chance to indentify and neutralise security gaps.
Tesla Motors offers a gold coin—a symbolic gesture that’s highly sought after within the white-hat hacker community—and a factory tour to researchers who find and share vulnerabilities. General Motors started a coordinated disclosure program in January, and Fiat Chrysler Automobiles followed in July.
General Motors changed its stance when hacker Samy Kamkar told the company he found a flaw in an OnStar smartphone app that allowed him to remotely start vehicles. Within a matter of months, GM reversed its stance to distance itself from independent researchers and established its coordinated disclosure program. Within its first 48 hours of operation, GM received a large number of submissions, some of which included reports of bugs the company hadn’t previously known.
Car technology is moving very, very quickly and some manufacturers are rushing to stay ahead of the game, leaving vulnerabilities as they go. Organisations such as Auto-ISAC, along with government guidelines, will hopefully mean that security testing measures will become more stringent.
At the moment, it is easy to hack a car if you know what you're doing but every day software and car manufacturers are making it more difficult. This collaborative push towards improved cyber security means you don't have to worry about buying that Tesla or similar high-tech car.