A Brief History of Hacking Internet-Connected Cars
And where we go from here
Vehicle hacking already has a 15-year pedigree. Though there are at least 36 million vehicles on the road today already connected to the internet, manufacturers appear to have learned little from the biggest security crises of the internet era. Cybersecurity is, yet again, a bolted-on afterthought rather than an integral part of the engineering of an interconnected vehicle.
Hackers started around 2002 by targeting engine-management technologies that control performance superchargers and fuel injectors. In 2005, Trifinite demonstrated using Bluetooth to surreptitiously intercept or transmit in-car audio signals. In 2007, UK firm Inverse Path showed how hackers could compromise the integrity of in-car navigation systems by sending fake traffic updates over FM, causing cars to reroute.
In 2010, experimentation was overtaken by more dramatic interventions that could affect the mobility of the car itself. In Texas, a disgruntled former car-dealership employee used stolen credentials to access a web-based vehicle-immobilization console and began systematically “bricking” cars that had been sold by his former employer.
It could be argued that this remote attack relied on an aftermarket vehicle immobilizer (implemented to “encourage” late-payers…