Highway to… hacked: cyberthreats to connected cars

[harlan4096]

Can hackers really hijack your car in 2025?
 
It’s been ten years since two researchers — Charlie Miller and Chris Valasek — terrified a Wired journalist (and then the whole world) with their remote hack of a Jeep Cherokee speeding down the highway. It played out like something straight out of a Stephen King novel — a possessed car gone rogue. The wipers started moving on their own, buttons stopped responding, the radio blasted uncontrollably, and the brake pedal went dead. We’ve covered that case in detail plenty before: here, here, and here.

Since then, cars have continued to evolve rapidly to integrate an ever-wider array of features. Digital electronics now control almost everything — from the engine and fuel systems to autopilot, passenger safety, and infotainment. That also means every interface or component can become a hacker’s entry point: MOST, LIN, and CAN buses, OBD ports, Ethernet, GPS, NFC, Wi-Fi, Bluetooth, LTE… But hey — on the bright side, the latest CarPlay lets you change your dashboard wallpaper!
Jokes aside, the most serious attacks no longer target individual vehicles, but rather their manufacturers’ servers. In 2024, for example, Toyota lost 240GB of data, including customer information and internal network details. A single compromised server can expose millions of vehicles at once.

Even the United Nations has taken note, and for once didn’t stop at “expressing concern”. Together with automakers, the UN has developed two key regulations — UN R155 and UN R156 — setting high-level cybersecurity and software update requirements for vehicle manufacturers. Also relevant is the ISO/SAE 21434:2021 standard, introduced in 2021, which details methods to mitigate cyber-risks throughout vehicle production. Though the above, technically, are recommendations, automakers have a strong incentive to comply: mass recalls can cost tens or even hundreds of millions of dollars. Case in point: following the incident mentioned earlier, Jeep had to recall 1.4 million vehicles in the U.S. alone — and faced a whopping $440 million in lawsuits.

Continue Reading...