Security flaw leaves cars vulnerable to being hacked

Researchers say they’ve discovered a security flaw that can affect any vehicle featuring “controller area network” systems – AKA a “CAN bus” – which is basically the network that interconnects components in a car. The “CAN bus” interconnects things like parking assist features, electric windows, and engine control units.

Researchers say hackers can access the connection and bombard it with error messages until the system shuts down to protect its other components. An attacker can therefore theoretically switch off safety features like airbags, ABS brakes, power steering or perhaps even lock someone out of their car.

Car hacking worries

With advancing technology pushing for completely autonomous vehicles, there is a huge concern that hackers could completely take over and control all aspects of a vehicle, which is a very worrying thought.

Newer cars boast clever features to help drivers and passengers have more efficient and smoother journeys. For certain vehicles, drivers can even create profiles which store their favourite songs, destinations and the frequency of specific journeys. Although the risk of having personal information stolen is present, this particular flaw reportedly doesn’t allow someone to hack into a component to take control or steal information, but rather hit it with a “denial-of-service” attack.

Previous and ongoing research

Back in 2015, researchers Chris Miller and Chris Valasek managed to remotely hack into and take complete control of a Jeep’s radio, windscreen wipers and fluid, and air conditioning. Shockingly, the duo were also able to control the vehicle’s steering, disable its brakes and even turn the power off.

Thankfully, the vulnerability was easily patched up with a recall and updated software, but the design flaw is thought to still affect the “CAN bus” messaging protocol standard used in “CAN controller chips”. As such, even a recall may not be effective because the security flaw is “not specific to one vehicle model or its underlying electronics.”

Online IT and technology news platform ZDNet says this particular flaw doesn’t inject a malicious command into the network, but rather targets how the CAN system responds to error messages. When a device is bombarded by an excessive number of error messages, the system disconnects it and disables its functionality.

This was an intended design to stop malfunctioning devices from triggering other systems on the “CAN bus”, but is nevertheless a vulnerability attackers could abuse. It therefore seems paramount to create a layer of cybersecurity to prevent attackers from reaching the “CAN” system.
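The error-handling design described above can be modelled in a few lines. This is an added example, not code from the researchers or from ZDNet; it is a simplified model of the CAN standard's transmit error counter only (receive errors and the standard's special cases are left out), and the trace strings are constructed sample input.

```c
#include <stdio.h>

/* Fault-confinement states a CAN controller moves through. */
typedef enum { ERROR_ACTIVE, ERROR_PASSIVE, BUS_OFF } can_state;

typedef struct { unsigned tec; can_state state; } can_node;

/* State follows the transmit error counter (TEC):
   above 127 is error-passive, above 255 is bus-off. */
static can_state classify(unsigned tec) {
    if (tec > 255) return BUS_OFF;
    if (tec > 127) return ERROR_PASSIVE;
    return ERROR_ACTIVE;
}

/* One transmit outcome: an error adds 8, a success subtracts 1.
   A bus-off node is disconnected, so its counter no longer moves. */
static void can_tx_result(can_node *n, int ok) {
    if (n->state == BUS_OFF) return;
    if (!ok) n->tec += 8;
    else if (n->tec > 0) n->tec--;
    n->state = classify(n->tec);
}

/* Replay a constructed trace ('E' = transmit error, 'S' = success). */
can_state state_after(const char *trace) {
    can_node n = {0, ERROR_ACTIVE};
    for (; *trace; trace++) can_tx_result(&n, *trace == 'S');
    return n.state;
}

/* 1-based frame index at which the node goes bus-off, or 0 if never. */
int frames_until_bus_off(const char *trace) {
    can_node n = {0, ERROR_ACTIVE};
    for (int i = 0; trace[i]; i++) {
        can_tx_result(&n, trace[i] == 'S');
        if (n.state == BUS_OFF) return i + 1;
    }
    return 0;
}

int main(void) {
    const char *sustained = "EEEEEEEE" "EEEEEEEE" "EEEEEEEE" "EEEEEEEE";
    const char *intermittent = "ESSSSSSSS" "ESSSSSSSS" "ESSSSSSSS";
    printf("sustained errors: bus-off at frame %d\n",
           frames_until_bus_off(sustained));
    printf("intermittent fault: bus-off at frame %d (0 = never)\n",
           frames_until_bus_off(intermittent));
    return 0;
}
```

In this model an intermittent fault that is followed by enough successful frames never disconnects the node, while an unbroken run of errors does; the counter itself records nothing about what caused each error.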

Intrusion detection systems required?

Security researcher Charlie Miller, who was part of the team that hacked into the Jeep, warns that an intrusion-detection system is required, but noted that the system could find it difficult to distinguish between a genuinely faulty component and an attack on the system.

Researchers are reportedly working hard to fix the problem, but note that the vulnerability is a worldwide problem, so without global compliance, security may not be effective.

Cyber risks and autonomous vehicles

The U.K. government recently gave car companies the go-ahead to test a number of self-driving commercial trucks on British roads. However, the government also apparently recognises the magnitude of the task ahead: trying to stop vehicles purely controlled by software from being hacked.

They published the “Key principles of vehicle cyber security for connected and automated vehicles”, and the principles read as follows:

  • Organisational security is owned, governed and promoted at board level
  • Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain
  • Organisations need product aftercare and incident response to ensure systems are secure over their lifetime
  • All organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system
  • Systems are designed using a defence-in-depth approach
  • The security of all software is managed throughout its lifetime
  • The storage and transmission of data is secure and can be controlled
  • The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'