Security Expert Warns Cars Will Always Be Vulnerable to Cyber Attack

Chris Valasek LA Auto Show 2014 H

The possibility of hackers taking control of steering or other critical functions will persist as cars increasingly communicate with the cloud

Car manufacturers, software engineers and "white hat" hackers need to work together to thwart the rising threat of cyber attacks on cars, experts in the field said Tuesday at the Connected Car Expo at the Los Angeles Convention Center.

Speaking on a panel at the Los Angeles Auto Show's press preview, security expert and former hacker Chris Valasek warned that cars that increasingly communicate with the cloud are vulnerable to remote attack by malicious hackers and will require constant vigilance.

"I don't think there is a solution," Valasek said. "These systems are designed to communicate with the outside world — and anything that connects to the outside world is an attack vector. What happens if someone finds a vulnerability in the radio that makes the steering wheel turn?"

In a 2013 study, Valasek, director of vehicle security research at Seattle's IOActive, hacked into the software controlling a Toyota Prius and was able to command the car to slam on its brakes, turn off its headlights, disable its power steering and jerk its steering wheel sharply, as well as sound its horn continuously. 

Although the hack was performed by connecting a laptop to the car's data port, Valasek said it is possible to hack these and other functions remotely. (In July, a Chinese technology company announced it had taken over a Tesla remotely and was able to turn its headlights on and off, open and close its sunroof and manipulate its locks — while the car was moving.)

Valasek stressed that for the average car owner, the threat for now is low because the cost to hack a car's computer system is prohibitively high.

"Software attacks are opportunistic," Valasek told The Hollywood Reporter. "To attack a car, first you've got to buy the car" to discover its vulnerabilities. "The return on investment isn't very high," he said. However, Valasek added, as cars increasingly become rolling pieces of software — the Tesla Model S regularly receives remote updates to its software — the auto industry will have to address the issue indefinitely.

"It's never going to be 'fixed,' " Valasek said. "It's ongoing. Every year, I panic my job is going to go away, but I'll be around forever in this gig."

Read more Hollywood's New Favorite Cars Are Armored and Electrified