CBI Blog

Car Hacking 101: What You Need to Know

Car Hacking


With roughly 250 million cars registered each year in the U.S., the growing possibility of car hacking is concerning. Nearly everyone has a car. Before Charlie Miller and Chris Valasek’s carjacking experiment gained fame, many of us thought car hacking wasn’t even a possibility. Most of us are still getting accustomed to defensive driving against “text-and-drivers,” which causes 1,169 car crashes to occur daily.

The simple truth is, though, is that yes, your car can be hacked. In fact, as Miller and Valasek show, it’s possible by hijacking and disabling a Jeep’s brakes from a laptop. (This resulted in Chrysler recalling 1.4 million of the vehicles).

Today, we'll discuss how critical the problem of hacking cars is and how hackers infiltrate a car’s controller area network (CAN). Plus, two potential car hacking signs to watch out for, as well as what to do if you suspect your car has been (or was) hacked.

What Do People Think About This?

A Kelly Bluebook survey revealed that people are nervous about the threat of hacking. Specifically, 41% now have carjacking in the back of their minds when they’re looking for a car.

Approximately one-third (33%) consider a car cyberattack a “serious” threat, while slightly over one-third (35%) rank it is a “moderate” threat.

The survey also shows that more people believe someone would hack a car as a prank (41%) than try to steal it (37%). Sadly, 58% don’t think there will ever be a solution to solve this problem. So, as you can see from the figures, many are worried about the cybersecurity aspect of cars (this becomes a much more critical situation when we consider the role of CAN).

How CAN Works

Over the years, cars have become more computer-driven. Examples of computer-automated devices include anti-lock brakes, stability control, airbags, roll compensation, variable headlights, and lane guidance. Not to mention, your car’s infotainment system (i.e. Bluetooth, GPS, radio, etc.)

The CAN bus system is how all of these areas in your car communicate with one another. It’s the wiring and signals that are connected together that make it possible for you to roll down the window, turn on the radio at the press of a button, and control the engine temperature and tire pressure. Without this system in place, your car would be pretty ineffective.

As mentioned above, the CAN bus system is a series of wires with nodes. The wiring is referred to as the bus. Each node is an individual system (i.e. security, transmission, engine). Communication between the nodes runs through the individual wires. To give you an idea of how complex modern cars have become, consider this: researchers discovered that your standard modern high-end car today has over 100 million lines of code. In case you were wondering, that’s more than a F-35 Fighter Jet and Boeing 787 passenger airliner.

This system was created in the 1980s in Germany so that cars could be more efficient. What the CAN developers didn’t know at the time was that hacking via the CAN bus system was a possibility (it was thirty plus years ago). At that time, ITIL had just come out. It's unfortunate that the CAN bus system wasn’t created with cybersecurity in mind, but this is one of the primary reasons why the risk for car system hacking is quite a real possibility.

Two Signs Your Vehicle May Have Been Hacked

Below are two signs to watch out for that may alert you to the fact that your car has been hacked.

1. Sketchy Electronic Systems

Let’s say you have a keyless entry system. When you go to your car, instead of it automatically unlocking, you can’t get in. Perhaps you can chalk that up to dead batteries? When you get inside, though, you try to activate your GPS system but the screen keeps on flickering on and off? Alternatively, the system starts to work and then shuts off? Then the radio begins switching channels without your input? What we’re trying to say is that one of these devices malfunctioning is concerning, but several malfunctioning at once is cause for increased suspicion.

One of the ways hackers can hack the CAN bus system is by gaining access through its vulnerabilities, one of these being the infotainment system. By breaking into the infotainment system, the hackers can now access vehicle safety or control systems—steering, brakes, etc.

Miller and Valasek refer to Bluetooth, WiFi, cell network, keyless entry systems, radio connections, and, yes, tire pressure monitoring system features as parts of an “attack surface.” In a nutshell, the larger a car’s “attack surface” is, the higher chance it has of being infiltrated.

2. Erratic Brake And Steering Wheel Behavior

Your breaks clinch the tires, then release. Your steering wheel is shifting a little bit. Yes, you may have an alignment problem, and, yes, it is plausible that your brakes may need to be replaced. However, you shouldn't rule the possibility of your car being hacked out of the picture.

As we mentioned, the CAN bus system wasn’t built with cybersecurity in mind. This makes it especially vulnerable to intrusion. Since this network is not segmented (no firewalls or proxies protecting them), a hacker can use access to one system to gain access others. After sneaking into a more vulnerable part of your car's electronics, hackers can then work their way to your steering and brakes, causing even more issues.

Miller and Valasek state that the network architecture—the level of access hackers have to systems like your steering and brakes—is a serious risk factor. Remember the "attack surface" concept? The easier it is to get to the steering and brakes through connected systems, the easier it is for hackers to conduct a successful cyberattack on your vehicle.

What To Do If You Suspect Car Hacking

According to this article, you should contact the FBI. In addition, you should get in touch with your car manufacturer and the National Highway and Traffic Safety Administration. For more information about carjacking and what you can do to protect yourself, contact CBI. And, while you're at it, be sure to check out our blog.

CBI Cyber Security Solutions

Team CBI

CBI manages IT security risk and helps ensure your data is secure, compliant and available. No matter your industry our Subject Matter Experts, tailored assessments and custom solutions help safeguard your organization’s information. Our proven process allows you to prepare, manage and navigate issues that can damage your business and reputation.