/>
X

Top vehicle hacking examples (in pictures)

Researchers have demonstrated everything from running cars off the road to remotely controlling your brakes.
charlie-osborne.jpg
screen-shot-2018-10-20-at-15-30-54.png
1 of 8 Charlie Osborne/ZDNet

Jeep Cherokee

In 2015, a Wired journalist caught a ride with IOActive researchers Charlie Miller and Chris Valasek in a Jeep Cherokee. At 70mph, the car's air conditioning began blasting out freezing air, the radio switched station on its own, the windshield wipers turned themselves on with wiper fluid spurting, and then the car ran itself off the road.

screen-shot-2018-10-20-at-15-33-35.png
2 of 8 Charlie Osborne/ZDNet

Take away the brakes

The same researchers later performed a physical attack on the vehicle's CAN bus to seize control of the car's braking system and at only 25 mph, this was nearly enough to tip over the car.

screen-shot-2018-10-20-at-15-37-02.png
3 of 8 Charlie Osborne/ZDNet

Server errors, car theft

In 2018, researchers uncovered a bug in a misconfigured server run by Calamp that granted them access to backend systems of Internet-connected vehicle management systems provided by Viper SmartStart.

The team were able to locate vehicles, reset passwords, unlock side doors, disable alarms, start engines, and, in theory, could have stolen target vehicles.

screen-shot-2018-10-20-at-15-36-28.png
4 of 8 Charlie Osborne/ZDNet

Tesla key fobs and poor security

KU Leuven University researchers demonstrated how to steal a Tesla "in a matter of seconds" due to poor cryptographic standards used by Tesla key fobs.

screen-shot-2018-10-20-at-15-37-53.png
5 of 8 Charlie Osborne/ZDNet

OwnStar

Security researcher Samy Kamkar created OwnStar, a Raspberry Pi-based device which cost less than $100 to make, in order to show it was possible to abuse the OnStar connected car system to "locate, unlock and remote start any vehicle with OnStar RemoteLink."

screen-shot-2018-10-20-at-15-40-18.png
6 of 8 Charlie Osborne/ZDNet

No more airbags

Trend Micro researchers have been able to exploit a fundamental issue in how Controller Area Network (CAN) protocols operate, a necessary requirement for connected vehicles, in order to reprogram a car's infotainment system, disable airbags, tamper with locking systems, steal a vehicle, and more

screen-shot-2018-10-20-at-15-42-37.png
7 of 8 Charlie Osborne/ZDNet

Infotainment system compromise

In 2016, Computest researchers Daan Keuper and Thijs Alkemade revealed multiple vulnerabilities which were present in the infotainment systems of some Volkswagen and Audi vehicles which could be exploited to seize control of microphones, speakers, and navigation systems.

screen-shot-2018-10-20-at-15-43-03.png
8 of 8 Charlie Osborne/ZDNet

ConnectedDrive

A zero-day bug uncovered in 2016 by Vulnerability Labs affected the BMW web domain and ConnectedDrive portal, an area for owners of new, connected vehicles. If exploited, the bug could be used by attackers to change the vehicle registration numbers of cars.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup
Person seated at a booth in a cafe looks at their phone and laptop.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup

10 Photos
Tech salaries, developer skills, cybersecurity, and more: ZDNet's research roundup
remote-working-from-home-man-employee-small-desk.jpg

Related Galleries

Tech salaries, developer skills, cybersecurity, and more: ZDNet's research roundup

8 Photos
Yubikey Security Key C NFC
Security Key C NFC

Related Galleries

Yubikey Security Key C NFC

8 Photos
First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

10 Photos
iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

5 Photos
OnlyKey hardware security key
OnlyKey

Related Galleries

OnlyKey hardware security key

19 Photos
SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

10 Photos