Tech • IA • Crypto
What a Hacker Found Inside Our Cars
7/10TL;DR
Modern connected cars combine advanced safety features with exploitable digital vulnerabilities, enabling both sophisticated theft techniques and low-cost autonomous driving hacks.
KEY POINTS
Cars as software-driven systems
Modern vehicles rely on dozens of electronic control units managing everything from engine performance to safety features. These systems balance conflicting demands such as power, emissions compliance, and regulatory safety standards. The result is a highly complex, software-heavy architecture that has transformed cars into rolling computer networks.
Growing tension between security and control
Automakers increasingly lock down software and features to retain control over maintenance and revenue streams. This includes paid subscriptions for built-in features and expensive updates such as navigation maps. At the same time, regulations in regions like the European Union require repairability, creating friction between consumer rights and manufacturer business models.
Simple radio attacks enable theft
Many modern car thefts no longer involve physical break-ins but exploit wireless systems. Attackers can use signal jamming on common frequencies like 433 MHz or 868 MHz to prevent cars from locking. In busy environments, drivers may leave vehicles unsecured without realizing it, allowing quick access for theft.
Relay attacks bypass key security
Keyless entry systems are particularly vulnerable to relay attacks. Criminals use two devices to capture and retransmit signals between a car and its key, even from several meters away. This tricks the vehicle into believing the key is present, enabling unlocking and ignition without physical access to the key.
The CAN bus: a critical weak point
Once inside, attackers target the CAN bus, the internal communication network linking all vehicle components. Through the standard OBD diagnostic port, or even by accessing wiring behind headlights, attackers can inject commands to unlock doors or start the engine. This access effectively grants full control over key vehicle functions.
Unsecured sensors create new vulnerabilities
Mandatory systems like tire pressure monitoring sensors, required in Europe since 2012, can also be exploited. These sensors transmit unencrypted data, allowing attackers to spoof signals or inject malicious values. In extreme cases, this can trigger system errors or manipulate vehicle behavior through memory exploits.
Advanced scenarios extend beyond theft
These vulnerabilities can be weaponized in more complex contexts. Spoofed sensor data could force a driver to stop unexpectedly, while unique sensor identifiers may enable targeted attacks on specific vehicles. Such techniques have implications for military and high-security transport scenarios.
Open-source tools enable vehicle hacking
Platforms like Automotive Grade Linux (AGL) and affordable hardware such as Raspberry Pi allow enthusiasts to experiment with vehicle systems. By connecting to the CAN bus, users can analyze signals, identify control commands, and replicate vehicle actions such as braking or steering.
DIY autonomous driving for under $1,000
Open-source projects like OpenPilot demonstrate how these capabilities can be extended. Using a camera system and CAN access, users can build semi-autonomous driving systems compatible with over 300 vehicle models. These systems rely on community-shared driving data, with millions of kilometers logged globally.
A culture of modification and innovation
Car hacking builds on longstanding traditions in automotive tuning, where enthusiasts optimize performance through software adjustments. This culture parallels historical innovations, such as early car modifications during the Prohibition era, which eventually contributed to organized motorsports like NASCAR.
CONCLUSION
As vehicles become increasingly software-defined, they expose new security risks while enabling unprecedented user innovation, highlighting the urgent need for stronger cybersecurity alongside more open and repairable systems.