Security researchers at Las Vegas’ Black Hat cyber-security conference this week will unveil a list of late-model automobiles most-vulnerable to hacking.
Charlie Miller of Twitter and Chris Valasek of IOActive will release an updated list of their most and least-secure cars on Wednesday, which the pair claim are vulnerable or immune to hacking through a car’s bluetooth connectivity, phone applications or telematic systems.
The list of the most-vulnerable cars includes the 2015 Cadillac Escalade, 2014 Infiniti Q50, Jeep Cherokee and Toyota Prius, while the most secure include the 2014 Audi A8, Honda Accord and Dodge Viper, according to an interview with the researchers in Dark Reading.
“A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes,” Black Hat’s description of the upcoming brief reads. “Unfortunately, research has only been presented on three or four particular vehicles. Each manufacturer designs their fleets differently; therefore analysis of remote threats must avoid generalities.”
The pair’s report will also assess automotive industry security as a whole and suggest changes to prevent such cyber-security vulnerabilities from being included in future production line models. The two have also built a device that prevents vehicle hacks by plugging into its internal network to monitor and block system changes. (RELATED: Hacker Says Passenger Jets Vulnerable To Cyber Attack)
Though the team did not physically test each vehicle listed, data about the vehicles’ capabilities were used to compile the list. (RELATED: MiniLock Seeks To Make Data Encryption Easy For The Average User)
“The most hackable cars had the most [computerized] features and were all on the same network and could all talk to each other,” Miller said. “The least hackable ones had [fewer] features, and [the features] were segmented, so the radio couldn’t talk to the brakes.”
“We can’t say for sure we can hack the Jeep and not the Audi, but… the radio can always talk to the brakes,” Valasek said, citing the Jeep Cherokee as an example.
Manufacturers including Ford and Chrysler have said they are working on new security features intended to address the problems of automobile cyber-security, which typically lags far behind consumer electronics with similar technology due to their longer development cycles. (RELATED: Ex-NSA Chief Keith Alexander Charges $1 Million A Month For Cyber-Security)