14 DAY TRIAL // Following the report from two security researchers that Infiniti Q50 was among the most hackable three cars in a batch of 20 products, Nissan began investigating the claims of insecurity.
The two experts conducting the experiment are Charlie Miller, security engineer at Twitter, and Chris Valasek, director of Security Intelligence at IOActive. Apart from Nissan’s 2014 Infiniti Q50, they found that the systems of the 2014 Jeep Cherokee and 2015 Cadillac Escalade were also easy to hack.
The duo rated the cars on a scale from most hackable to least hackable and found the Infiniti Q50 to be on par with the 2015 Cadillac Escalade, making 2014 Jeep Cherokee the least secure car hackers could face, according to the study.
Nissan’s security team is set to evaluate the protection measures of the computer system on the Infiniti Q50 model. The report of the two security experts, titled “A survey of Remote Automotive Attack Surface,” has been published by Andy Greenberg.
Miller and Valasek said that the Infiniti model could theoretically be controlled from afar because bluetooth, telematics and on-board phone applications are not on a separate network than the engine and braking systems.
In return, Nissan is skeptical and defends by saying that they did not actually exploit the vehicle. However, even if the risk is theoretical, Nissan will probably try to find some flaws that hackers could take advantage of in their attempt to commandeer the car.
As for the cars that have been found to be the safest when faced with hacker attacks, the 2014 Dodge Viper, 2014 Audi A8 and 2014 Honda Accord were selected.
In their report, Miller and Valasek write that critical attacks on modern cars can be carried out in three stages, the first one consisting in the attacker gaining remote access to an internal network of the car; this is necessary because it allows injecting messages into networks that could control an engine control unit (ECU).
A compromised ECU receives and processes radio signals, and by injecting messages into the network, an attacker may be able to communicate with other control units, like those for steering, breaking and accelerating the vehicle.
“In some vehicles this may be trivial, but in many designs, the ECU which was compromised remotely will not be able to directly send messages to these safety critical ECUs,” says the report.
If the attacker manages to send messages to the desired engine control unit, the final step is to make the automobile obey their commands.