Cars getting hacked is major news now, but don’t worry just yet

Cyber-security researchers Chris Valasek and Charlie Miller were in the news earlier this week after a Wired magazine story showed the two programmers access critical vehicle controls on a Jeep Cherokee that allowed them to remotely control critical vehicle functions. The Fiat-Chrysler group had already been alerted to the issue and were quietly offering a software fix to customers in a bid to not alert malicious hackers. However, Chrysler is not the first brand to be vulnerable to hacking, as Chevrolet and BMW were in the news for the same reason this year.

In the case of the Jeep, the car was hacked remotely while on the road through its Uconnect infotainment system, taking basic control of systems such as braking, transmission functions and steering. While Chrysler had already offered a fix for customers, they’ve now issued a formal recall to update the software on all models equipped with the 8.4-inch UConnect touchscreen infotainment system, mostly 2013 to 2015 models. The new software “insulates connected vehicles from remote manipulation.” As of July 23, the company also “fully tested and implemented within the cellular network” additional security to prevent access to many of a vehicle’s systems. It is unclear if UConnect systems in markets such as ours even have a “cellular connection” that led to the hack, but we believe GCC-spec cars may not be equipped as such.

Fiat-Chrysler says that it’s conducting this campaign out of caution now that actual hackers are aware of this issue and can take advantage. Beyond the demonstration of the hack in the Cherokee, the carmaker says that it’s unaware of any other reports of these attacks actually happening.

Earlier this year, a security vulnerability in BMW’s “Connected Drive” system allowed researchers to imitate BMW servers and send remote unlocking instructions to vehicles. The problem was discovered by the ADAC German motoring association, and was verified on several models of BMW cars. The attack took advantage of a feature that allows drivers who have been locked out of their vehicles to request remote unlocking of their car from a BMW assistance line. The issue also affects BMW subsidiaries such as Mini and Rolls-Royce, and left GCC-spec cars vulnerable as well.

The German carmaker has already started sending out software patches to all cars equipped with “Connected Drive” and said it hadn’t come across any cases in which the vulnerability had been used to unlock or attempt to unlock its cars. The fix adds HTTPS encryption to the connection, which runs over the public cellular network. The added encryption will not only safeguard the content of the messages but also ensures that the car only accepts connections from a server with the correct security certificate.

Also this year, the Software Innovation Division at the Defense Advanced Research Projects Agency, better known as DARPA, hacked a Chevrolet Impala while working on creating unhackable software code that could be used in military drones. In a segment for the 60 Minutes news show, DARPA reasearchers hacked into General Motors’ “OnStar” telematics system. After figuring out how to hook into OnStar’s emergency communication system, the research team inserted code that took control of the sedan’s other computers, giving they control of the car, like applying its brakes or even removing the ability to use the brakes.

There has been no recalls on GM vehicles regarding this in the States, but the OnStar system is not offered in the Middle East as far as we know.

Hacking into cars has been going on for years. Back in 2013, two hackers released code at the “hacker-fest” Defcon and demonstrated how it worked on a Toyota Prius and a Ford Escape. In all the above cases, it took at least a year to even come up with the code to hack these specific cars. Most require a direct wired connection for the hack to take place, while only cars with high-end infotainment systems are open to wireless hacks.

In the grand scheme of things, you’re more likely to have your credit card skimmed than your car hacked. Considering most mainstream cars don’t come with wireless connections in the GCC except for a few luxury brands, given the amount of work involved in hacking cars and with carmakers now taking security more seriously, we wouldn’t be too worried even if we had a new BMW. Yet.