More and more, cars are integrating electronics and computer systems to operate. It’s not only a matter of governing the mechanic components, but also to provide safety, comfort, and entertainment to its passengers. As a matter of fact, a car can be seen as a collection of computers with wheels attached. You trust your mechanic to keep its moving parts in good order, but who should you trust to keep its computers safe?
How much electronics are in a car?
A report in IEEE Spectrum titled “This Car Runs on Code” by author Robert N. Charette reports that as of 2009, cars have been built with over 100 microprocessors, 50 electronic units, 5 miles of wiring, and 100 million lines of code (read the full article here). As computer systems become more integral to vehicles, security becomes more critical and complex.
The attack surface of a car
The attack surface of a car is constituted by the data that can enter it. Inputs can come externally from our cellular connections, Wi-Fi, Bluetooth, the tire pressure management system (TPMS), and the key fob (KES). Internally, modern car systems include the infotainment and navigation console, USB, the onboard diagnostics (OBD-II) connector, and the Controller Area Network (CAN) bus connections.
At a high level, an attacker could:
- Remotely take over a vehicle
- Shut down a vehicle
- Spy on vehicle occupants
- Steal a vehicle
- Track a vehicle
- Thwart safety systems
- Install malware on the vehicle.
So how do we protect against these attacks if we don’t have access to our car’s systems and don’t know how they are designed?
The need to inspect, audit, and document
Craig Smith founded Open Garages, a group interested in sharing and collaborating on vehicle security. Open Garages provide public access, documentation and tools necessary to understand today’s modern vehicle systems. In 2014, they released their first Car Hacker’s Manual as a course material for car hacking classes. The purpose of it was to fit in a vehicle’s glove compartment and cover the basics of car hacking for security purposes. The book had over 30,000 downloads in the first week and had extremely positive reviews.
Their take on being able to hack your car is that we’re all safer when the systems we depend upon are inspectable, auditable, and documented.
Six reasons for accessing your car computer systems
After the success of the Car’s Hacker’s Manual, Craigh Smith and his crew expanded its scope and came out with a more exhaustive book: the Car’s Hacker’s Handbook. Here, he provides the following reasons why car hacking is suitable for all of us:
- To understand how your vehicle works
- To work on your vehicle’s electrical systems
- To tweak your vehicle
- To discover undocumented features
- To validate the security of your vehicle
- To help the auto industry
While he cautions that car hacking shouldn’t be taken casually (it might seriously damage your car and harm people), he also advocates for more openness and the need for more car hackers to make modern car security better and a piece of shared knowledge.
What do you think? Share your thoughts in the comments below, and stay safe while driving!
