[1] Automotive hacking is the exploitation of vulnerabilities within the software, hardware, and communication systems of automobiles.
Modern automobiles contain hundreds of on-board computers processing everything from vehicle controls to the infotainment system. These computers, called electronic control units (ECUs), communicate with each other through multiple networks and communication protocols including the Controller Area Network (CAN) for vehicle component communication such as connections between engine and brake control; Local Interconnect Network (LIN) for cheaper vehicle component communication such as between door locks and interior lights; Media Oriented Systems Transport (MOST) for infotainment systems such as modern touchscreen and telematics connections; and FlexRay for high-speed vehicle component communications such as active suspension and active cruise control data synchronization. [2]
Additional consumer communication systems are also integrated into automobile architectures including Bluetooth for wireless device connections, 4G Internet hotspots, and vehicle Wi-Fi. [3]
The integration of these various communications and software systems leaves automobiles vulnerable to attack. Security researchers have begun demonstrating the multitude of potential attack vectors in modern vehicles, and some real-world exploits have resulted in manufacturers issuing vehicle recalls and software updates to mobile applications.
Manufacturers, such as John Deere, have used computer systems and Digital Rights Management to prevent repairs by vehicle owners or third parties, and to prevent the use of aftermarket parts. [4] Such limitations have prompted efforts to circumvent these systems, and increased interest in measures such as the Motor Vehicle Owners' Right to Repair Act.
In 2010, security researchers demonstrated how they could create physical effects and undermine system controls by hacking the ECU. The researchers needed physical access to the ECU and were able to gain full control over any safety or automotive system including disabling the brakes and stopping the engine. [5]
In a follow-up research paper published in 2011, researchers demonstrated that physical access is not even necessary. The researchers showed that “remote exploitation is feasible via...mechanics tools, CD players, Bluetooth, cellular radio...and wireless communication channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft”. [6] This means that a hacker could gain access to a vehicle's vital control systems through almost anything that interfaces with the automobile's systems.
UConnect is Fiat Chrysler's Internet-connected feature which lets owners control the vehicle's infotainment/navigation system, sync media, and make phone calls. It even integrates with the optional on-board WiFi. [7]
However, vulnerabilities in Fiat Chrysler's UConnect system, available on over 1.4 million cars, allow hackers to scan for cars with the system, connect and embed malicious code, and ultimately, commandeer vital vehicle controls like steering and brakes. [8]
In 2015 at the DEF CON hacking conference Marc Rogers and Kevin Mahaffey demonstrated [9] [10] how a chain of exploits could be used to take complete control of the Model S. Marc Rogers and Kevin Mahaffey identified several remote and local vulnerabilities that could be used as entry points. They demonstrated that after exploitation the vehicle could be remotely controlled with an iPhone. [11] Finally, they also demonstrated that it was possible to install a backdoor that allowed persistent access and control of the vehicle in a similar fashion to exploit techniques more usually associated with traditional computer systems. Marc Rogers and Kevin Mahaffey worked with Tesla, Inc. to resolve the issues before disclosure. It was announced before the presentation that the entire global fleet of Model S cars had been patched overnight, the first proactive mass Over The Air (OTA) security update of vulnerable vehicles. [12] [13]
The OnStar RemoteLink app lets users access OnStar capabilities from their Android or iOS smartphones. The RemoteLink app can locate, lock and unlock, and even start the vehicle. [14]
The flaw in General Motors’ OnStar RemoteLink app, while not as extreme as UConnect, allows hackers to impersonate the victim in the eyes of the RemoteLink app. This means that the hackers can access all of the features of the RemoteLink app available to the victim including locating, locking and unlocking, and starting the engine. [15]
The security researcher Samy Kamkar has demonstrated a device that intercepts signals from keyless-entry fobs and would allow an attacker to unlock doors and start a car's engine. [16]
The back windows of Kia vehicles can be broken without setting off an alarm, and Hyundai vehicles are similar. [17] Since 2021, [18] [19] [20] videos on social media [21] [22] [23] have shown post-2010 Kia vehicles and post-2014 Hyundai vehicles that lack engine immobilizers being stolen with a USB 1.1 A plug cable or pliers. [24] [25] [26] [27] [28] [29] [30] [31] Kia started installing immobilizers in 2022. [20] [32]
Using a fake device sold on the dark web, thieves were able to steal vehicles by forcing the headlamps open and accessing the CAN bus and, once on the bus, simulating the signals that start the vehicle. The exploit requires enough time and privacy for thieves to remove vehicle hardware, sometimes bumpers, in order to open the headlights. [33] Possibly the only way to prevent this kind of event by determined and knowledgeable thieves would be for car designers to encrypt traffic on the CAN bus.
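The following added example (not from the article or from any manufacturer's implementation) shows a related receiver-side defence to the one named above: instead of encrypting frames, each frame carries a truncated HMAC and a freshness counter, so a start command injected or replayed by a device without the key is dropped. The 8-byte payload layout, the key, the CAN ID 0x123 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4  # truncated tag bytes carried in the frame (assumed layout)
CTR_LEN = 2  # freshness counter bytes carried in the frame (assumed layout)


def _tag(key: bytes, can_id: int, data: bytes, ctr: bytes) -> bytes:
    # Bind the tag to the CAN ID so a valid frame cannot be re-sent under another ID.
    msg = struct.pack(">I", can_id) + data + ctr
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def protect(key: bytes, can_id: int, data: bytes, counter: int) -> bytes:
    """Sender side: payload = data | counter | truncated MAC (8 bytes max)."""
    if len(data) > 8 - CTR_LEN - MAC_LEN:
        raise ValueError("data too long for a classic 8-byte CAN payload")
    ctr = struct.pack(">H", counter)  # raises struct.error past 0xFFFF; no silent wrap
    return data + ctr + _tag(key, can_id, data, ctr)


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # CAN ID -> highest counter accepted so far

    def accept(self, can_id: int, payload: bytes):
        """Return the data bytes if the frame is authentic and fresh, else None."""
        if not CTR_LEN + MAC_LEN <= len(payload) <= 8:
            return None
        split = len(payload) - CTR_LEN - MAC_LEN
        data, ctr, tag = payload[:split], payload[split:split + CTR_LEN], payload[-MAC_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, can_id, data, ctr)):
            return None  # injected by a device that does not hold the key
        counter = struct.unpack(">H", ctr)[0]
        if counter <= self.last_counter.get(can_id, -1):
            return None  # replay of a previously seen frame
        self.last_counter[can_id] = counter
        return data


def demo():
    key = b"constructed-demo-key"  # constructed; real keys are provisioned per ECU
    start_id = 0x123               # constructed CAN ID for a "start" command
    rx = Receiver(key)
    genuine = protect(key, start_id, b"\x01", 1)
    forged = b"\x01" + struct.pack(">H", 2) + b"\x00" * MAC_LEN  # no key, guessed tag
    return [rx.accept(start_id, genuine), rx.accept(start_id, genuine),
            rx.accept(start_id, forged), rx.accept(start_id, protect(key, start_id, b"\x01", 2))]
```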