Easier to hack a car than a smartphone

The connected car is a risky car: like a smartphone, it can be attacked from a distance by a skilled hacker

The chip crisis, which forced some major automakers to stop or slow vehicle production for lack of electronic components, made us all realize that the car has also become a technological entity. So far, only cyber security experts have noticed that this technological entity needs to be protected from hacker attacks. We are not just talking about the thief who passes our car at night and, with an unspecified radio device, manages to open it and start it without touching a wire. We are talking about much more serious risks, about real “hacking”: remote violations of the control systems that govern the electronics in our most modern cars. These cars are connected, so the hacking can take place at a distance, as confirmed by the striking feat of David Colombo, a very young German cyber security researcher of only 19, who in January 2022, from his small room, discovered a way to hack Teslas: he managed to breach 25 of them in different countries around the world, putting on a real show of doors opening and closing, lights flashing, horns sounding and stereos turning on. An isolated case? No, according to a recent warning from the Israeli cyber security company Karamba Security.


The Israeli company believes that the risk of poor IT security in cars is much higher than that associated with smartphones. The reason is simple: hacking a car can do enormous damage, even directly killing one or more people. Just think of the fact that one of the most classic terrorist attacks is a car launched at full speed into a crowd: it is easy to cause dozens of victims, with the driver usually dying in the act. Well, or rather, not well at all: out of the blue we could become, in spite of ourselves, the attackers hurtling at full speed towards the crowd. At a time when dystopian TV series are so popular, how can we not think of an even more disturbing scenario: the self-driving (or even semi-autonomous) car that at some point no longer responds to our commands and goes wherever the hacker, remotely, tells it to. At best it’s a kidnapping, at worst it’s a murder.


We are not yet (completely) at these levels. But we are driving in this direction with Android Automotive, which is already standard on more than one car model, and Apple CarPlay, which follows closely. These are two doors that hackers could quickly exploit, first of all to gather valuable information about us: where we are and where we are going. To do what? Maybe to break into the house while we’re on vacation: the GPS says Puglia, the hacker knows it, and he has just sold our position to burglars. However, Karamba tells us between the lines what we do not want to hear: automakers tend to use hardware and software that is not sufficiently up to date because they have a slower pace of development than the electronics industry. The problem is that hackers are running just as fast as the electronics industry, constantly updating their exploits (i.e. illegal attacks) to the latest available version of the software or hardware.


Karamba cites the case of the 25 hacked Teslas to show how the automotive industry is making the same mistakes as the smartphone industry. In this particular case, the young Colombo exploited a vulnerability not in Tesla itself, but in TeslaMate, a third-party software used by the most “nerdy” owners of Elon Musk’s electric cars to keep track of many mileage and consumption statistics. Technically, TeslaMate is a data logger. However, TeslaMate had a serious security flaw that allowed Colombo to “get inside” TeslaMate and soon after get to the heart of all Tesla’s software. The fault was therefore TeslaMate’s, but the risk was Tesla’s, and in fact no one today remembers 25 TeslaMates hacked by a German boy, but no one will forget, for a good while, the 25 Teslas turning their headlights on and off by themselves.
