How criminals can hack cars, traffic systems

Hackers have found innovative ways to infiltrate our vehicles and traffic control systems, which are becoming increasingly connected.

Many aspects of our modern connected systems make us vulnerable to hacking attempts. Credit: Bill Abbott

Imagine the terror you would feel if your digitized dashboard went blank and your brakes failed as you were driving on the highway. Unfortunately, this could happen, as our connected vehicles gain greater capabilities and hackers become savvier.

As vehicles, infrastructure, traffic control systems, infotainment systems and our mobile devices become more integrated, criminals are finding new ways to infiltrate these systems.

It is estimated that by 2025, 60 percent of cars will be connected through the Internet. There are several upsides to this, such as advanced safety features and upgraded vehicle software protection. However, the fact remains that drivers will be more vulnerable to vehicle and traffic control hacking attempts unless automakers and security companies create innovative security solutions.

Hacking traffic control systems

Magnetic sensors in the street collect and disseminate data, such as traffic flow and the number of cars on the road, to traffic control systems. Cesar Cerrudo, chief technology officer of IOActive Labs, told Tech Page One that these sensors could be hacked because there are few security protocols in place.

Cerrudo said that a hacker could be as far as two miles away from a target if they’re using professional transmitters or antennas.

Hackers don’t even need transmitters or antennas. A group of computer scientists from the University of Michigan proved in August that a computer is all a hacker needs to communicate at the same frequency as the intersection radios to access an unencrypted network and alter the timing of traffic lights. Theoretically, hackers could easily turn all the traffic lights in a given area red since they’re connected through wireless networks, forcing drivers to come to an abrupt stop.

University of Michigan authorities gave researchers permission to carry out this experiment, of course. The team, led by J. Alex Halderman a computer scientist at the university, discovered three major weaknesses in the light system: unencrypted wireless connections, usage of usernames and passwords that could be found online and a debugging port that is simple to attack.

“The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness,” the researchers said.

The problem is there are no safeguards in place to protect these systems from hacking attempts.

“Because these systems are wireless and insecure, it allows attackers to take [information on traffic patterns] and impact the systems,” Cerrudo told Tech Page One.

How our cars are vulnerable

Cars’ connected systems are an even bigger gateway for hackers.

Hackers can target vehicles’ Bluetooth connections, OnStar-like cellular radios, apps that are synced to the car’s infotainment systems and even a car’s stereo though malicious audio files burned onto a CD. An attack on any one of these components can wreak havoc on other related systems as well.

An August report showed that vehicles such as the 2014 Jeep Cherokee and the 2015 Escalade have major security flaws in terms of the vehicles’ applications, Bluetooth and telematics. Those apps are on the same network as the engine controls, steering, brakes and tire pressure monitoring systems. When vital functions, such as steering, are on the same network as the apps that connect the car wirelessly, it can put the driver in significant danger.

Addressing hacking vulnerabilities

At the August Black Hat Conference in Las Vegas, security researchers Charlie Miller and Chris Valasek showcased a prototype device for an intrusion-detection system for automobiles. The device, which was built with parts that cost merely $150, features an Embed NXP microcontroller and a simple board that plugs into a jack underneath the vehicle’s dashboard.

When the automobile is driven, the device captures a vehicle’s data patterns. It can then be switched into detection mode, which flags abnormalities such as an odd number of signals or a command for parking that shows up while the driver is on the highway.

When abnormalities are detected, the device will cause the vehicle to go “limp,” shutting down the car’s network and disabling power steering and lane assist until the vehicle is turned back on, Miller and Valasek said.

Security researchers are coming up with cutting-edge ways to protect our vehicles and traffic control systems, but they’ve got a long way to go before drivers can feel safe on the roads from cyberattacks.

Emily Scott
Emily Scott is a journalist from Temple University whose writing interests include technology, culture and music. Her work has been published in The Credits and Tech Page One.
Emily Scott
Tags: Downtime,Industries,IT Security,Retail,Tech Culture,Technology