Ask Slashdot: Buying a Car That's Safe From Hackers?

An anonymous reader writes: I'm in the market for a new car, and I've been going through the typical safety checklist: airbag coverage, crash test results, collision mitigation systems, etc. Unfortunately, it seems 2015 is the year we really have to add a new one to the list: hackability. Over the past several weeks we've seen security researchers remotely cut a Corvette's brakes, shut down a Tesla's computer, unlock a bunch of cars, intercept Onstar, and take over a Jeep from 10 miles away.

So, how do we go about buying a car with secure systems? An obvious answer would be to buy a car with limited or archaic computer control — but doing so probably comes with the trade-off of losing other modern safety technology. Is there a way to properly evaluate whether one car's systems are more secure than another's? Most safety standards are the result of strict regulation — is it time for the government to roll out legislation that will enforce safety standards for car computers as well?

Classic FUD

[Ecuador]

Unless you are someone important, people won't spend the significant effort required to hack your car. I would say you can probably avoid the seemingly quite inept "classic" US manufacturers, especially if you don't plant to do the usb upgrades etc that they might require if a remote exploit is found, but still it should be a minor concern. Ok, if you are paranoid get a Tesla, researches spent TWO YEARS and they ended up with an exploit that required physical access to a port inside the car, could at most turn of your engine (very gracefully in neutral and with you in full control) and could be instantly patched over the air...
Again, if you are some sort of a dictator etc I could see an intelligence organization with great resources finding a way to hack your Tesla if they have physical access to it, but it will still be cheaper and more efficient to just plant a bomb...

Re:Classic FUD

[gstoddart]

Well, that's one way of looking at it.

The other way is if this stuff becomes easy enough to become a cheap device or an app for your smart phone ... then the bad guy presses a button which says "all cars which are ready to be hacked please honk your horn".

Just like script kiddies and other scams, if it's lucrative enough, and easy enough, it'll happen. You don't have to be a high value target. If someone knows they can pop the locks on every Escalade in the parking lot, they're going to do it. And someone might just say "oh, fuck it, let's make all the Corvettes disable their brakes because it will be funny".

If the last decade or so has taught us anything, it's that if it can be hacked, it will be ... and if it's worth doing, it will be done.

Pretending like the security risks aren't real because you're a low value target ignores the fact that if there's money to be made. The more automated it can be made, the more it will happen.

As to the OP's question -- there is no standards body, everything is closed/proprietary, and the corporations aren't going to say up front "yeah, the following cars are totally hackable". They're going to hide this as much as possible.

I'm just not sure short of following every news story for every company and hoping and guessing you've got a hope in hell of finding this in a way that will be useful.

Right now, cars are pretty much like every other consumer device .. the companies want to make them all shiny and digital, but they don't know (or don't care) how to make them secure. Which means they don't have a culture of security, accumulated best practices, or anybody telling them the minimum they're allowed to do.

If you're that worried about getting hacked, buy a car which is a few years old and doesn't have as much electronics in it.

Beyond that ... I'm not sure how you are going to know what's hackable.

Pretty much any car with a system like OnStar is going to be remotely accessible even if you don't use it, and the car companies have admitted this.

Re:65 VW Bug

[bobbied]

Safe from EMP as well.

ANY car made today is going to be safe from EMP. They did a test a few years ago and found that out of 12 vehicles subjected to EMP events similar to what would be experienced form a nuclear device outside of the immediate blast damage area, only TWO showed any signs of being affected in any way. Both of those vehicles where "fixed" by turning the key off and then restarting them.

I conclude from this study that modern vehicles are pretty much immune to EMP for the most part. Most would not even notice the pulse and just keep going down the road. Some (Say 10%) would stop running and the majority of those would restart after being powered off. Chances are the number of vehicles needing repairs would be less than 1%.

So.... Just own two vehicles of different makes and chances you will be just fine.. At least as far as immediate transportation is concerned. Having electrical power at home IS going to be a problem though...

Re:65 VW Bug

There's no way at all to start the engine with a mechanical key any more.

My 2013 Fiat would disagree with you.

Re:Keep it locked wndows up

[WindBourne]

LOL.
Tesla is the ONLY car that was considered difficult to crack and very safe. In addition, they are the only ones that were willing to work with the crackers at fixing things.
And BTW, the other cars were cracked remotely. Tesla required not only physical access to the car, but the door had to be opened, and then you accessed the Ethernet via the side of the dashboard. And then and only then, were they able to shutdown the computer, not control things.

So, if tesla is the one that concerns you, well, no doubt you are still running XP and lower.

Re:90s - era luxury cars

[crashumbc]

My 2014 Subaru has them. I think your seat belts are broke.