More cars than ever come with an internet connection as automakers prepare for the era of connected vehicles. These will be able to receive software updates, communicate with other cars and the surrounding infrastructure, and, ideally, make driving safer. But an internet connection poses security risks, and it's a real danger for cars. Last year, Mercedes announced it'd fixed 19 security risks in its vehicles, and a new report details them.
According to TechCrunch, the breakdown came from Minrui Yan, head of Sky-Go's security research team, during this year's Black Hat security conference. The team found 19 vulnerabilities in a Mercedes E-Class that gave researchers vast control over the vehicle. Researchers, forming an attack chain to exploit the security risks, unlocked the ability to tamper with the vehicle's TCU, the telematics control unit. The team could run vehicle commands, including opening the doors and starting the engine.
While that kind of access could have devastating consequences in the wrong hands, it wasn't easy for Sky-Go to penetrate the car's security. It took them more than a year of research before they could gain control of the vehicle, requiring the team to tear down the vehicle's embedded SIM card. However, according to TechCrunch, researchers said the car featured tight security that withstood several attacks.
However, nothing connected to the internet is impervious to vulnerabilities. Just this month, a teenager was able to gain control of high-profile Twitter accounts. It's doubtful your local criminal will compile a year of research to hack a car, but criminal organizations or governments may. As automakers cram more software and technology into vehicles, connecting them to the internet, the data they collect, and the vehicle systems they control become valuable. There'll be people seeking to exploit that. But it already sounds like hacking a car is a pain.