The 20 most hackable CARS revealed: Report lists the smart vehicles that are most at risk of having their systems hijacked
Victoria Woollaston
- Experts Chris Valasek and Charlie Miller studied 20 car makes and models
- Using schematics, they assessed the vehicles for signs of vulnerabilities
- Results were published in a 92-page report and presented at the Black Hat conference in Las Vegas
- 2014 Jeep Cherokee and 2015 Cadillac Escalade were the most vulnerable
- Meanwhile, the 2006 Ford Fusion and 2010 Range Rover Sport were listed as two of the most secure
Security experts have warned for months that smart cars are vulnerable to hackers, and now a pair of researchers has revealed the specific vehicles that are at the greatest risk.
Chris Valasek and Charlie Miller studied the schematics for a range of cars from the 2006 Range Rover Sport to this year's BMW 3 Series.
The 2014 Jeep Cherokee and 2015 Cadillac Escalade were the most vulnerable of the cars studied, while the 2006 Ford Fusion and 2010 Range Rover Sport were listed as two of the most secure.
Scroll down for video
Security experts have been warning for months that cars are vulnerable to attack from hackers, and now a pair of researchers has revealed which vehicles are the most at risk. According to the report, the 2014 Jeep Cherokee (pictured) and 2015 Cadillac Escalade were the most vulnerable of the cars studied
Mr Miller is a security engineer at Twitter, and Mr Valasek is director of Security Intelligence at IOActive.
Other cars that performed poorly in their tests were the 2010 and 2014 Toyota Prius, as well as the 2014 Infiniti Q50
The report has been shared with the Department of Transportation and industry group, the Society of Automobile Engineers.
Each car was rated under three categories – attack surface, network architecture and cyber physical.
A car’s wireless ‘attack surface’ includes the range of features that can be hacked, including Bluetooth, Wi-Fi, mobile network connections, key fobs, and tyre pressure monitoring systems.
| CAR | ATTACK SURFACE | NETWORK ARCHITECTURE | CYBER PHYSICAL |
|---|---|---|---|
| 2014 Jeep Cherokee | ++ | ++ | ++ |
| 2015 Cadillac Escalade | ++ | + | + |
| 2014 Ford Fusion | ++ | - | ++ |
| 2014 Dodge Ram 3500 | ++ | ++ | -- |
| 2014 BMW X3 | ++ | -- | ++ |
| 2014 Chrysler 300 | ++ | - | ++ |
| 2014 Range Rover Evoque | ++ | - | ++ |
| 2014 Toyota Prius | + | + | ++ |
| 2010 Toyota Prius | + | + | ++ |
| 2014 Infiniti Q50 | ++ | + | + |
| 2014 Audi A8 | ++ | -- | + |
| 2010 Infiniti G37 | - | ++ | + |
| 2014 BMW 3 Series | ++ | -- | + |
| 2014 BMW i12 | ++ | -- | + |
| 2014 Dodge Viper | ++ | - | -- |
| 2014 Honda Accord LX | - | + | + |
| 2010 Range Rover Sport | - | -- | - |
| 2006 Range Rover Sport | - | -- | - |
| 2006 Toyota Prius | - | -- | -- |
| 2006 Ford Fusion | -- | -- | -- |
|
*A '+' sign means a car is 'more hackable', and a '-'sign represents a 'less hackable' vehicle.*
A car's wireless 'attack surface' includes the range of features that could be hacked, including Bluetooth, Wi-Fi, mobile network connections, key fobs, and tyre pressure monitoring systems.
The network architecture includes how much access these features give to the vehicle’s critical systems, such as the horn, the steering and brakes.
Cyber physical relates to capabilities such as automated braking and parking sensors that could be controlled using wireless commands. |
|||
The network architecture includes how much access these features give to a vehicle’s critical systems, such as the horn, the steering and brakes.
Cyber physical relates to capabilities such as automated braking and parking sensors that can be controlled using wireless commands.
‘Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks,’ said Mr Valasek and Mr Miller
The 2006 Ford Fusion (pictured) and the 2006 and 2010 Range Rover Sport were listed as two of the most secure vehicles studied
‘A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes.
‘Unfortunately, research has only been presented on three or four particular vehicles.
‘Each manufacturer designs their fleets differently; therefore analysis of remote threats must avoid generalities.
‘[Our research] takes a step back and examines the automotive network of a large number of different manufacturers from a security perspective.
The results were published in a 92-page report presented at the Black Hat conference in Las Vegas.
Mr Miller and Mr Valasek were the same researchers who demonstrated hacking a Toyota Prius and a Ford Escape last year.