For the past couple of months, the auto world has been obsessed with hackers -- and with good reason.
Like their drivers, cars now belong to vast online networks. Those networks provide plenty of benefits like navigation tools and infotainment, but they also provide opportunities for hackers to wreak havoc.
CHECK OUT: The 10 Most-Stolen Vehicles In America
Forensic consultants PT&C/LWG have analyzed network security features in late-model vehicles and come up with a short list of the most-vulnerable -- and least-vulnerable -- cars on the road. They also provide some handy tips to help drivers avoid being targets.
WHAT'S OLD IS NEW AGAIN
In some ways, the subject of network security seems very last century. It was a huge topic of conversation in the 1980s, as computers became ubiquitous in schools and movies from Weird Science to War Games featured teenage protagonists who could turn the world upside down with a few keystrokes.
Then, in the 1990s, came the internet boom and fears of identity theft. Suddenly hacking wasn't just a rare, wacky one-off occurrence, it was a real threat -- one that could ruin people's lives.
For the past few years, though, hacking hasn't been at the top of people's minds. Even in the face of high-profile security breaches at major retailers, we've become all-too-comfortable with living and working online. If you called someone a "hacker" a couple of years ago, many would've assumed you meant a lifehacker -- someone who'd figured out how to turn old newspapers into bespoke martini glasses.
Then came July, when reports surfaced that two good-guy hackers had exploited a weakness in Chrysler's Uconnect telematics system and taken control of a Jeep Cherokee. Other security holes were subsequently exposed in OnStar, Volkswagen's family of vehicles, BMW and Mercedes-Benz cars -- even the dongles used by many insurance companies and apps.
Clearly, no car is safe. But which, exactly, are the least safe? PT&C/LWG has drafted a list of their top five:
1. 2014 Jeep Cherokee: Hackers with the appropriate know-how say they've used Uconnect to access to the Cherokee's brakes, engine, steering, crash mitigation, and other systems. These vulnerabilities are why whiz kids Charlie Miller and Chris Valasek picked the Cherokee for their headline-grabbing demonstration. Fiat Chrysler has since recalled 1.4 million vehicles to patch Uconnect's security hole.
2. 2014 Infiniti Q50: The Infiniti Connection System gives access to keyless entry, adaptive steering, adaptive cruise control, and other systems.
3. 2015 Cadillac Escalade: PT&C/LWG says that the problem with the Escalade is basically the same problem formerly found on OnStar software. Specifically, "Bluetooth and telematics are on the same network as the engine controls, steering, brakes, and tire pressure monitoring system". Tinker with the apps or the telematics system, and in theory, you can tinker with any of those other systems, too.
4. 2010 & 2014 Toyota Prius: In the wrong hands, Toyota's Safety Connect System can serve as a gateway to the Prius' steering, brakes, keyless entry, and other systems.
5. 2014 Ford Fusion: Ford SYNC is the software that owners love to hate (like, really hate). According to PT&C/LWG, it's also the software system that provides hackers access to the Fusion's remote keyless entry.
At the other end of the scale, there are a few vehicles that have proven very difficult to hack, including:
- 2014 Audi A8
- 2014 Dodge Viper
- 2014 Honda Accord
- Tesla Model S