One of the most memorably stupid moments in Untraceable, widely seen as one of the dumbest movies ever made about hackers, is a scene where a car gets hacked. It was roundly mocked at the time. Now, six years later, it turns out reality has caught up with Hollywood.
First of all, that 60 Minutes clip up top, while loaded with exactly the kind of FUD you expect when explaining computer security to the elderly, is a bit troubling. The software seemingly allows the user to do everything from annoy the driver by triggering the horn to knocking out the brakes, a substantial advance from when these guys had to disassemble a Prius to remotely take it over.
And lest you think the security problems are limited to one model, the Senate recently put out a report about automakers and security for computerized cars, and you’ll never guess what a total lack of regulations and complete ignorance of basic computer security standards has achieved!
…nearly all modern vehicles have some sort of wireless connection that could potentially be used by hackers to remotely access their critical systems. The company’s protections on those connections are “inconsistent and haphazard” across the industry. And in addition to security weaknesses, Markey’s survey also found that many auto companies are collecting detailed location data from their cars and often transmitting it insecurely.
That last, in particular, stands out. The remote control stuff you see in that clip is military software. These guys took apart the code of each car bit by bit and designed specific procedures to get at it. It’s the software equivalent of a Stinger missile, and we’re unlikely to see it reverse-engineered by a private citizen any time soon. And to really get at the system from a distance, the car also needs to have at least a cellular connection, which is still relatively rare, as well.
Your location data, on the other hand, is being sent out where any idiot can get to it. Automakers have been essentially making that data public for anybody who can figure out which car is yours. So, even if your car isn’t commandeered by a remote program and driven into a wall by the military, anybody who wants to follow you around can do so from their couch! Isn’t technology great?