Chrysler and Nissan are reviewing a report by cyber security experts, Charlie Miller and Chris Valasek that rates their vehicles among the three “most hackable” cars on the market, along with a General Motors model.
Each car was rated under three categories – attack surface, network architecture and cyber physical. A car’s wireless ‘attack surface’ includes the range of features that can be hacked, including Bluetooth, Wi-Fi, mobile network connections, key fobs, and tyre pressure monitoring systems.
The 92-page report released in time for the Black Hat hacking conference in Las Vegas concluded that Chrysler’s Jeep Cherokee (2014), Nissan’s Infiniti Q50 (2014) and GM’s Cadillac Escalade represent the biggest security risk to their drivers. Other poor performers included the Ford Fusion (2014); although its older sibling the Fusion (2006) scored well as did the Range Rover Sport (2010).
The report authors admit that they did not test the vehicles themselves and have cautioned that as they did not actually hack into the cars then even a car deemed “hackable” may actually be quite secure. Rather the report is there to offer consumers the first general benchmarks to compare cyber security in cars.
As the authors said in the report “This doesn’t mean that the most susceptible looking isn’t in fact quite secure (i.e. coded very securely) or that the most secure looking isn’t in fact trivially exploitable. But it does provide some objective measure of the security of a large number of vehicles that wouldn’t be possible to examine in detail without a massive effort,” the report said.
Chrysler spokesman, Eric Mayne said of the report that “Chrysler Group will endeavor to verify these claims and, if warranted, we will remediate them.”
Nissan said in a statement to Reuters that it was reviewing the findings, adding there is “no indication” that the authors tried to exploit any cyber vulnerabilities in the Q50.
General Motors has not commented.