If you're a regular reader of this blog, you must be well aware of the growing risk of car hacking. This is the result of a number of factors – most notably, the increased reliance on computers throughout modern car systems and the fact that hackers are now turning their attention to these vehicles. Unfortunately, it appears that while car manufacturers are coming to recognize this threat, their efforts are not keeping pace with the accelerating danger.
This summer, the state of car hacking will move even more into the spotlight. At two major cybersecurity-focused conferences – Black Hat and Defcon – industry leaders will discuss and demonstrate car hacking techniques, raising awareness of just how serious this issue has become. Hopefully, these conferences will spur more car manufacturers to embrace high-end security tools, such as Klocwork static analysis solutions, which can drastically cut down on vulnerabilities that car hackers would otherwise exploit.
"Tesla will have a booth at a 'car hacking village' at Defcon."
A Tesla test case
In an unusual development, attendees at the Defcon convention will actually have the opportunity to attempt to hack a Tesla vehicle, according to Forbes. While no official announcement has been made, an unnamed Tesla spokesperson told the news source that Tesla will have a booth at a "car hacking village" at Defcon. There, attendees will be able to tinker with any of the vehicle's connected parts.
Forbes noted that Tesla has demonstrated a greater enthusiasm for car cybersecurity than most manufacturers. At last year's Defcon, the company scouted for talent among attendees. Opening up a vehicle to on-site hacking will make it even easier for the firm to discover new, skilled personnel, while also revealing any security vulnerabilities that need to be corrected immediately.
A live demonstration
Car hacking will be just as much a focus at the Black Hat conference, to be held in Las Vegas this summer. At both of these events, Charlie Miller and Chris Valasek have promised to provide a live demonstration of a wireless hack on the digital network on a car or truck, according to Wired. Both Miller and Valasek have been leading figures in the car hacking community for years. Notably, their research on the topic was cited by Senator Ed Markey in a letter to 20 automakers that demanded more information on their security practices. This live car hacking may be their most convincing presentation on the topic.
"Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle's hardware in order to be able to send messages on the CAN bus to critical electronic control units," Miller and Valasek explained in an abstract for their Black Hat talk. "We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks."
Wired noted that the degree to which Miller and Valasek will be able to control their target vehicle is not yet apparent. Additionally, neither of the cybersecurity experts revealed the make or model of the vehicle they will use for their hacking demonstration. However, the source noted that Miller issued a tweet strongly suggesting that Jeep will be the target.
Calls to action
Regardless of the success that Miller and Valasek or Defcon attendees have in their hacking efforts, it's clear to see that car cybersecurity is a serious issue growing more important by the day.
For any car manufacturer looking to improve its security, static analysis solutions are essential. These tools, like Klocwork, allow developers to identify potential vulnerabilities in their coding work as they progress. By catching such flaws early, car manufacturers ensure their vehicles are as hack-resistant as possible before they leave the factory floor.