Recently, the team at Teardown.com engaged in a discussion regarding a Forbes.com article, which argues that a connected car can be easily hacked by a small hardware device.
The CAN Hacking Tool, or CHT.
"Auto makers have long downplayed the threat of hacker attacks on their cars and trucks, arguing that their vehicles' increasingly-networked systems are protected from rogue wireless intrusion. Now two researchers plan to show that a few minutes alone … " -- from the Forbes story, "This iPhone-Sized Device Can Hack a Car, Researchers Plan to Demonstrate" by Andy Greenberg (Forbes, 2/05/2014).
Articles such as this Forbes story have created an atmosphere of concern about the digital security of a "connected" car. Given that we have over 14 years of teardown experience with a wide variety of devices ranging from cameras to cars, I sought input from one of our analysts concerning this subject. Based on our discussion, we determined that while security with wireless strategies is an issue going forward, the implied simplicity of hacking is overstated.
Clearly, the issues raised in the Forbes article have been around for some time (the article quotes a wireless attempt from 2011). The original Controller Area Network (CAN bus) was developed by Robert Bosch GmBH in 1983 and, as a low level protocol, does not employ security measures but leaves that up to the application developer to implement. Based on our analysts' knowledge and a fact that was admitted to in the article, hacking into a vehicle's CAN bus first requires physical access. This contradicts the hacker's standard operating procedure of REMOTE access which, by its nature, leaves them relatively free from discovery by law enforcement. So, ignoring the major obstacle of physical access, it's pretty safe to say that most vehicles with a networked communications bus would present a potential target for hackers.
It should be pointed out that we do NOT want to downplay the importance of this potential security issue. Opportunities to hack into a vehicle's communications network do exist, but as we progress toward autonomous vehicles of the future, wireless technologies are becoming tightly integrated into critical safety systems, and security issues will be resolved out of necessity.
We believe the reason this issue has garnered so much media attention recently is due to a heightened awareness of the lack of security for personal information, as well the proliferation of wireless vehicular communications via WiFi, Bluetooth, and cellular connectivity. Possibly exacerbating this concern is the upcoming, overdue decision by the NHTSA on whether to mandate vehicle-to-vehicle communications (V2V) in all new vehicles, the technology of which is partially derived from the popular WiFi 802.11 standard (802.11p).
At Teardown.com we're focused on increasing our involvement in automotive teardowns. To date we have complete analysis of the Chevy Volt (from battery subsystems to infotainment ICs) as well as numerous other ECM (engine control module), BCM (body control module), and GPS systems. We are excited to see what the future will bring and look forward to delivering the latest developments from worldwide leaders in automotive technology.
— Joel Martin is senior vice president & general manager of Teardown.com. Teardown.com, part of TechInsights, has been doing design, integrated circuit analysis, and bill of material costing for 15 years.