Any thing to worry about?

It's more likely an EMP could disable the ECU in your car than for someone to hack into and take control of it. And even then, that would be extremely unlikely, because an EMP strong enough to disable your car isn't easily achieved.

SCH-I535

 

Only worry if you are an important enough target that someone would go out of their way to break into your car without you knowing, install a device, and wait for you to drive away. You're not James Bond, don't worry about it.

Today's ECU's are much harder to hack than the computers that are in every car from the the early 80's to now. Give me a car from the 80's and 2 passive components that cost pennies and I can make it have a runaway throttle minutes after driving off. Of course the good 'ol cutting of the brake lines or car bomb is equally easy and much easier to pull off.

Once again this is just people in the media scaring people in the public with technology that neither understand.

If you want to be worried about hacking, what about the security free medical devices like insulin machines that people have implanted into them. With a simple wireless signal from 30ft away, anybody can cause it to release a fatal dose of insulin and kill the person. Or similarly cause heart pacers to stop working. Those are much more worrisome because the medical field is doing nothing with cryptography and is not even trying to protect their firmware. Any 2-bit hacker can kill someone. Danger is everywhere.

 

there's always somrthing to worry about, so, why worry?

 

Nothing to worry about yet, technology hasn't caught up with "remote" control on the Prius.
Think about it, firstly they have to get into the car, that's the easy bit, from then on it becomes very difficult. The next thing they have to do is power up the car to enable the CAN bus, this would be difficult enough without the key fob, made even more difficult by the fact that if they have just broken into the car the immobiliser would prevent this. Next, assuming they managed to power up the CAN bus by some method, they only had control of the steering and brakes, the engine management system is on a separate ECU, so unless they had the key fob to start the car, then all they can do is just sit there turning the steering and flashing the brake lights.

 

I'd worry more about the NSA monitoring where you are going than some kiddy hacker!

 

NPR's "Science Friday" had a story about this last week. Nobody has to break into a car at all. The vulnerabilities are in the Bluetooth connections. Once a hacker is able to get into the system via Bluetooth, they can hack their way into a whole mess o' things. The hackers they interviewed used a Prius and some model of Ford as examples.

While they didn't actually do it, the hackers Science Friday talked to specifically mentioned things like the Bluetooth connections between the tire pressure gauges and the car's computer, and how that would be an easy doorway.

Yes, this all assumes the car is up and running, but how easy would it be for someone to park next to you in a parking lot once you've pulled in or started up?

But as someone said, unless you're really important or James Bond, hackers have more lucrative places to go have fun.

 

Someone pulling up next to you in a car park are probably not near enough to connect to your car's bluetooth and even if they are, your car is going to ask if you want to pair with the other device, are you going to press "yes", I don't think so. Even then they have to enter the code to pair. IMO it's a no brainer.
The hacked Prius in question had most of the dash removed and a computer connected to the OBD connector according to Toyota. Another hacking method was to write code onto a music CD, that when played would effectively introduce a virus like program into the system controlling some functions, but again the car has to be up and running and someone has to put the CD in. There's a lesson in there somewhere, don't play pirated CDs and don't play your buddy's copied CDs in your car.
This method may also work from a USB stick I guess.

 

I think this "Car Hacking & Control" is more NSA theoretical than practical. I have been in the IT Security business for decades and it is always a "remote" possibility given that more and more of our car's operation is computer controlled. But one must remember, most of our car is in a "closed network" mode, meaning that one must connect to the physical wiring to access the computer programs, and have knowledge of the codes to change their operation. Examples of this access are changing the number of backup beeps, door lock features, etc using a specialized connection device and a terminal.

In general, computer hackers, IMHO, are money motivated. They would rather sit in the safety of their home or hotel rom and hack a thousands miles away over the internet. They can sit out front of a store and listen to a low security companies' WiFi for credit card transactions or place a hacked credit card reader on a POS or gas pump reader...so many ways to gather our payment cards that they can quickly turn into cash.

If one hacked into my Prius v's bluetooth by some chance of unattended automated pairing, they could only (perhaps) play their tunes on my radio or control the audio from less than the range of Bluetooth (<30 feet)... To think that one could quickly pair to my Radio/Navi unit, upload malicious code, and control the critical operations of a car, is quite a feat of "ifs"... I'm not saying that someday someone will demonstrate this in a controlled environment, but in real life, the chances of this are very very unlikely.

It is a far fetched theory that a talented hacker could create a CD with a boot sector virus even though MP3's/WMA do not carry malicious code nor do music CD's "boot". I would say a better realistic vector of attack would be to corrupt ones android or jail break iphone and then play fun with ones apps via entune.

About the only other hacking vector I will entertain is one obtaining a USB key from an untrusted source, like ebay for a unapproved navigational map update and this would brick the unit. This is one form of malicious hacking, but the hacker's goal is disruption, not control of the car.

 

I worry about everything.

And oddly?

I'm not worried at all about this.

 

You should be more worried if you have OnStar type system that someone can shut down your engine, deflate your tires or even throttle back the engine remotely.