fb-pixelHackers can grab car data, even take control of vehicle - The Boston Globe Skip to main content
Consumer Reports | Product Review

Hackers can grab car data, even take control of vehicle

Shutterstock

Your car’s computers know much more about you than you might realize. They’re constantly tracking your driving behavior, speed, seat belt use, and more.

Because your car is networked, outside infiltration of your private data represents a serious threat to consumers. But inappropriate lawful use of that data is also a concern. In 2011, GM’s OnStar division came under fire when it said it had the right to share location data with third parties. Likewise, data from apps used in your car’s infotainment system could be sold to advertisers.

What does that mean for you? In the future, you could see targeted spam appear on your dash screen — perhaps a coupon for an oil change or a suggestion that you stop nearby for a cappuccino.

Advertisement



Today, some insurance companies offer reduced rates to drivers who install a driving-behavior tracker in their car — but could raise the rates if they speed. Already, some lenders install devices that can remotely halt a car purchased by a buyer who misses a payment.

But your data can also be hacked. Any time someone connects to your car’s onboard diagnostics system port, your vehicle’s secrets become accessible. And black hat computer hackers are claiming they can remotely invade your car’s data systems without ever getting inside your vehicle.

The takeaway: Driving privacy is under threat, if the auto industry and lawmakers don’t take action.

Runaway wheels

Some of those onboard infotainment computers have interactions with your car’s driving controls. Consider the OnStar navigation and emergency-assist system: It tracks your car’s location and history, but it also can disable your car if it’s stolen.

Though being able to remotely stop a vehicle with a drunk driver behind the wheel or a kidnapped child inside can be a good thing, the wider implications are disturbing.

Could someone with bad intentions remotely hack into your car’s controls to lock your brakes in traffic or send you careening off a bridge?

Advertisement



A recent “60 Minutes” television segment raised that specter — and demonstrated how it could be done, complete with a video of occupants sitting helplessly as someone with a laptop took remote control of their car’s horn, windshield wipers, and even its brakes.

How realistic is that scenario?

The US government’s Defense Advanced Research Projects Agency and the National Highway Traffic Safety Administration have been working on identifying ways to protect consumers from car hacking for years.

For its “60 Minutes” hack, DARPA needed to know the secure phone number that allows the vehicle to interact with the automaker’s cellular network. But it did not need the vehicle identification number of the car or any other specific data.

Dan Kaufman, then-director of DARPA’s Information Innovation Office, admits his team “knew the car quite well” in running its hack. Such an attack “would not work on just any random car,” Kaufman said, “although a similar technique would work on many modern cars.”

True, the scary scenario is not easy to achieve, but experts expect it to get easier. The worry among computer scientists is that a 14-year-old could eventually perform the hack on his laptop.

Senator Edward Markey, a Malden Democrat, recently authored a report that studied the security systems of 16 automakers — and found them to be lacking. His office plans to introduce legislation to toughen vehicle security and privacy standards.