I-Team: Could hackers target your car?

Byby Chuck Goudie and Ross Weidner WLS logo
Wednesday, September 24, 2014
I-Team: Can your car be hacked
The I-Team investigates how vulnerable our cars are to computer hackers.

CHICAGO (WLS) -- It's not just your credit card or home computer that are susceptible to hackers. The I-Team investigates a surprising target that's right in your garage. As we found behind the wheel with an automotive security expert, everything from your car's windshield wipers to the engine can be taken over by hackers looking to cause havoc.

Experts say the modern cars that fill our highways are really just computers on wheels. Now there's new concern that those computers are easy marks.

"There's inherent failures, or inherent security risks, if you will, that are available on all modern vehicles," says Robert Leale of CanBusHack.com.

The I-Team got behind the wheel with Leale, a security researcher who works with the auto industry to help carmakers secure their computer systems.

Leale showed us how all cars sold in the U.S. actually have a port that hooks right into their computer systems. It's designed for diagnostics at an auto repair shop.

But by accessing this system, hackers can take control not just of the car selected for this demo, but actually of any modern car from any manufacturer.

In an empty unused parking lot, the attack begins. During our demo Leale takes control of the windshield wipers, flashes and turns off the speedometer and instrument panel, and repeatedly invades the engine.

Experts warn that if software design vulnerabilities aren't addressed by manufacturers up front, once attackers infiltrate a car's computer system fixing a computer hardware flaw isn't as simple as a recall. It would take a total overhaul of a car's computer design.

"There's no solution," Leale says. "It will cost them billions of dollars to fix and that could potentially end a company."

Chicago-based security researcher Nicholas Percoco, who calls himself an "ethical hacker," tries to short circuit potential criminal car hackers. He's a part of a new online movement that targets public safety technology in an attempt to ensure critical systems such as transportation, public utilities, medical systems and even home appliances are less vulnerable to attack.

Their latest effort is an open letter calling on the automotive industry to prioritize digital security.

"Technology is advancing so quickly that our ability to secure it, is becoming a problem," Percoco says.

While the connection from the computer to the car in our demonstration was physically wired, experts warn that hackers could potentially use a car's wireless and Bluetooth connections to infect its operating computers or install a virus through the diagnostic computers at an auto mechanic shop to unknowingly infect countless cars while technicians just try to change the oil.

Researchers are particularly concerned about self-driving cars or automated components that should be a reality on the roads this decade, warning that without proper safeguards attackers could remotely gain control of a car and cause anything from traffic problems to serious accidents.

To read the open letter to the automotive industry in full, click here.