- Share this article on Facebook
- Share this article on Twitter
- Share this article on Email
- Show additional share options
- Share this article on Print
- Share this article on Comment
- Share this article on Whatsapp
- Share this article on Linkedin
- Share this article on Reddit
- Share this article on Pinit
- Share this article on Tumblr
Car manufacturers, software engineers and “white hat” hackers need to work together to thwart the rising threat of cyber attacks on cars, experts in the field said Tuesday at the Connected Car Expo at the Los Angeles Convention Center.
Speaking on a panel at the Los Angeles Auto Show’s press preview, security expert and former hacker Chris Valasek warned that cars that increasingly communicate with the cloud are vulnerable to remote attack by malicious hackers and will require constant vigilance.
“I don’t think there is a solution,” Valasek said. “These systems are designed to communicate with the outside world — and anything that connects to the outside world is an attack vector. What happens if someone finds a vulnerability in the radio that makes the steering wheel turn?”
In a 2013 study, Valasek, director of vehicle security research at Seattle’s IOActive, hacked into the software controlling a Toyota Prius and was able to command the car to slam on its brakes, turn off its headlights, disable its power steering and jerk its steering wheel sharply, as well as sound its horn continuously.
Although the hack was performed by connecting a laptop to the car’s data port, Valasek said it is possible to hack these and other functions remotely. (In July, a Chinese technology company announced it had taken over a Tesla remotely and was able to turn its headlights on and off, open and close its sunroof and manipulate its locks — while the car was moving.)
Valasek stressed that for the average car owner, the threat for now is low because the cost to hack a car’s computer system is prohibitively high.
“Software attacks are opportunistic,” Valasek told The Hollywood Reporter. “To attack a car, first you’ve got to buy the car” to discover its vulnerabilities. “The return on investment isn’t very high,” he said. However, Valasek added, as cars increasingly become rolling pieces of software — the Tesla Model S regularly receives remote updates to its software — the auto industry will have to address the issue indefinitely.
“It’s never going to be ‘fixed,’ ” Valasek said. “It’s ongoing. Every year, I panic my job is going to go away, but I’ll be around forever in this gig.”
Sign up for THR news straight to your inbox every day