THE BLOG

How Hackable Are Cars?

06/23/2015 01:45 pm ET | Updated Jun 16, 2016

How hackable are cars?: originally appeared on Quora: The best answer to any question. Ask a question, get a great answer. Learn from experts and access insider knowledge. You can follow Quora on Twitter, Facebook, and Google+.

2015-06-17-1434510210-5096884-jasonlancaster.jpg

Like a lot of computer/software security discussions, there's "the realm of possibility" and then there's the real world.

In the realm of possibility, most cars can be hacked because their operational systems (eg the engine computer) and the infotainment systems (eg the part where you can plug in your phone to listen to music) share the same physical wiring and network system. They're not completely separated physically, so it's feasible for a team of computer and software experts to exploit these systems.

What's more, most automotive systems use a relatively simple network protocol that can be (relatively) easy to "listen" to and possibly override. You can get a basic understanding here: CAN Hacking: Introductions

But in the real world, the cost/effort involved in figuring out how to hack a car via the USB port in the console or Bluetooth connection seems to have little practical value. Here's why:

  1. Every automaker has their own proprietary systems for reading and checking data, and they tend to change these systems periodically. You *might* be able to figure out how to spoof the reading on the speedometer on a 2012 Camry, but there's no guarantee it will work on a 2013 or a 2011, and little chance the same method/code will work on an Accord or F150. Therefore, vehicle hacking is very time intensive, at least if you plan to do it at scale. It's not like computers, where 80-90% of them use the same exact operating system.
  2. There's error checking built into the engine and safety systems that would make it hard to - for example - "trick" the fuel injectors into running lean (and thus damaging the engine) because there are multiple data points collected at any given time. If you wanted to trick a vehicle into running lean and destroying itself, you'd have to spoof the signals from half a dozen sensors, and these spoofed signals would have to mesh with other signals in order to fully convince the engine computer that things were normal. It's not an impossible problem of course, but it's not an easy one.
  3. Connectors and various software 'handshakes' must be determined before you can exert any outside control. You can't just hook up to the OBDII port and get started. You've got to figure out how to 'connect' with the system like the tools used by the technicians (which are proprietary and which change regularly).
  4. In most vehicles, there's a mandatory wait time after connecting. Even if you have an official technician's computer, you have to wait a few minutes before you can make changes, read signals, etc. This is an anti-theft precaution that would make hacking that much harder, as you'd have to guarantee yourself access to the target vehicle for an extended period (unless you find a way to bypass the wait time, of course, which is probably easier said than done).
  5. What's the point? Hacking a car to make it easier to steal? There are tricks that don't require hacking. Hacking a car to make the engine destroy itself? I can destroy any engine with a common chemical and access to your oil filler cap. Hacking a car to make it unsafe to the driver? All it takes to make your car seriously dangerous is a lug wrench, a pair of pliers, and/or a cordless Sawzall and 5 minutes. No keys or vehicle interior access required.
Basically, hacking isn't a practical way to accomplish any of the dangerous things security experts are worried about. There are easier ways to destroy engines, endanger drivers, and steal cars, most of which require far less planning, effort, and expertise.

Hacking cars is a fun topic for a lot people, but I've never understood the concern expressed by various experts. If these people are really concerned about a hacker making vehicles unsafe, they should be warning the public about leaving their vehicle unattended. It doesn't take much to sabotage a car. All it takes are common tools and a tiny bit of know-how.

More questions on Quora: