Hacking in the Automobile Industry

Published on:
Hacking in the Automobile Industry
Hackers can now take remote control of vehicles in motion by simply ensuring that the vehicle is connected to the internet.

For a fact, technology is shaping how industries that drive the economy operate.

We are now seeing an era where more and more enterprises are adopting digital methods of operations as compared to some years back where analog means were applied as the standard.

In the automobile industry, companies are designing and manufacturing vehicles of various types that rely more on technology than ever before.

In short, the process is getting more sophisticated as years go by—all thanks to technological advancements in the auto world.

Last year’s hottest technological innovations in the auto market that were launched by various companies span auto-stopping for pedestrians (Infiniti), autonomous driving (Ford), an arrival time notification system for kids (Lexus), satellite cars (Toyota), piloted driving (Volvo), among others.

However other companies have taken into account the innovations of different manufacturers. And in a bid to meet up with the rising level of competition, they tend to create better versions of already existing products.

Your TOR usage is being watched

In some cases, the end products meet the expectations of the consumer whereas in other cases, they do not.

Despite this, there are some common denominators that enable companies to develop better versions of their products.

For example, previous innovations in the automotive industry such as GPS tracking, in-car internet, parental control and the use of cameras have been applied to develop the latest inventions in the sector.

These features have apps created specifically for the end-function. And since they use the internet to perform certain operations, they are exposed to hacks just like any other device which is connected to a virtual network.

The Infamous Jeep Cherokee Hack

In the past, a few cases were cars had been hacked from remote attackers have hit the headlines. One of the most famous instances is the the remote hacking of a Jeep Cherokee that was covered by Wired journalist Andy Greenberg.

In reporting the story, Greenberg asked two cyber security researchers with hacking skills to breach the Jeep Cherokee’s system while he was driving on a highway.

The pair of hackers put to the task was Chris Valasek, director of the Vehicle Security Research wing at IOActive, and Twitter security researcher Charlie Miller.

Throughout the experience, a series of events unfolded until the Jeep eventually came to a complete halt. Greenberg refrained from touching the car’s dashboard the entire time to show he didn’t interfere with commanding the Cherokee’s performance.

First, the car began releasing cold air, an indication that the air control system had been compromised. Next, the radio system changed to a local hip-hop station and began playing music at relatively high volumes.

Efforts to minimize the volume bore no fruits whatsoever—a clear indication that the audio system was under the hackers’ control and that they had disabled some functionalities. The car’s windshield wipers also turned on, together with the wiper fluid.

The last step taken by the hackers was to stop the car altogether by disabling the accelerator.

The encounter, which Greenberg described as exciting and terrifying at the same time, was captured on video and compiled into a written story that was published onto Wired’s online channels.

It is important to note that in this case, Greenberg had offered to be part of the experiment conducted by the two cybersecurity researchers. And as such, he was notified and told to remain composed no matter what transpired.

Lock and Key
According to Wired, the recall is not actually about taking the car back to the manufacturer for fixing but updating the existing software with a new one.

In Greenberg’s feature story about the experience, he indicated that research on how to exploit the movable machine had been going on for over a year.

The type of hack orchestrated in this case is commonly referred to as a zero-day exploit where the developers of a system are unaware of the vulnerabilities of their creation, and then hackers take advantage and exploit the flaws before the developer becomes aware and fixes them.

In the case of the hacked Jeep Cherokee, the zero-day exploit enabled them to gain access to the car’s system through wireless means by ensuring that both the car and the computer device they were using to launch the attack were connected to the internet.

It would be a nightmare for any automaker to discover that their products had indeed suffered a zero-day hack because, technically, that means more work has to be done to ensure their customers’ safety by eliminating the vulnerability and keeping the vehicles safe from hackers.

The Jeep hack served as a wake-up call to other automobile manufactures. Three days after it was published, Greenberg’s piece in Wired prompted Chrysler to recall more than 1.4 million vehicles in order to fix the security vulnerability.

According to Wired, the recall is not actually about taking the car back to the manufacturer for fixing but updating the existing software with a new one.

Another Major Hack: Data Leaked Online

Another instance of a hack that hit the headlines is when data of over half a million tracking devices of cars were leaked online, perhaps the biggest data breach in the automobile industry.

The hack was discovered by researchers at cyber security firm Kromtech Security Center. Researchers found that the breach was the unfortunate result of a misconfigured Amazon Web Server.

According to the report by Kromtech researchers, the exposed details consisted of users’ login credentials which included emails and passwords, International Mobile Equipment Identity (IMEI) numbers of the GPS trackers, the Vehicle Identification Number (VIN) and all other data collected about the device.

As if that wasn’t concerning enough, the breach also revealed the exact location of the tracking device on the affected car.

For those with ill motives, it would have been easy to seize any available opportunity to collect the data and perhaps dispose it to car thieves at a lucrative cost.

The trackers, by default, offer details of the car’s exact location for the past 120 days, irrespective of whether it has been stolen or missing.

Such information may be relevant to the owners, but once third parties gain access to such data, then it brings into question the security of the owner or the safety of the car.

As such, it is the ultimate responsibility for service providers to ensure that their customers are protected at all times.

The careless exposure of such sensitive data is likely to cause customers to lose trust in their service providers because, in case of a breach of such magnitude, then their movements are ultimately exposed.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


  1. Anonymous

    Maximum Overdrive was before it’s time, wasn’t it? XD


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.