Follow us

Is it possible to cause the blackout by hacking 250k electric cars?

Detailed article about electric vehicles.

Published: July 27, 2021 By Darina Shramko

The electric car is a toy in the hands of the devil

Image source - Shutterstock

I suppose you have never thought about the fact that your car can become a deadly weapon in the hands of an evil genius. People live a carefree life, naively believing that emergencies and disasters exist only in a parallel reality, which can be read about in newspapers.

Of course, if you don't read the news, you can shield yourself from the real world for a while. But you will be able to live in rose-colored glasses exactly until the car in your garage unleashes a war. You think this is something unreal, yeah? Scientists say that hackers are capable of instantly gaining access to an electric car. It's a threat to humanity!

How hackers break into cars and what to do to protect electric cars from remote hacking - I'll tell you about this and much more right now!

 

Disclaimer:

All information in this article is presented for informational purposes only. Any illegal use or distribution of data from this article is prohibited.

How do hacking cars can affect the power grid?

I will tell you a short story about the US blackout caused by… trees. Yes, it is not an inspirational story.

It is usually about negligence and non-believe in potential catastrophe. This particular outage was caused by only one substation going failure-safe state, causing an initial 1500 MW disturbance for the US power grid. It should not be so deadly, but actually, it was.

Just in few minutes, the whole continent was affected because of the initial shortage of electricity in the grid.

Cascading effect and blackout diagram of US 2003 blackout

Image Source – medium.com

So, potentially 1500 MW would be enough to repeat this blackout. But we will think about 3000 MW for the sake of our estimation. Make it creepy.

So, in 2021, in the US are more than 1,5 Million hybrid or pure electric cars.

Each of these cars is capable of being recharged very quickly with an input power of about 20kWh. I should also mention that modern cars are able to sell electricity from their batteries to the grid.

Now, imagine that 20kW*250 000 cars = 5 GW outage will happen because of the common vulnerability on the car side to enable the recharging process, even if the battery is full, or initiate a frequent process charging and discharging.

Such disturbances are very credible and extremely destructive.

Can a car be hacked by air?

I know, at first glance, the idea of ​​remote hacking seems like something impossible. How can you steal a car without even touching it? We have all seen films where experienced burglars and ordinary amateurs fumble around the door of a car or knock out the glass to get into a car's interior. However, such ordinal hacking methods are fading into oblivion. Technology is advancing rapidly, and with it, attackers are sharpening their skills.

So, to steal a car, crime no longer needs to fiddle with alarms or break the glass. It is enough to find a victim − a brand new electric car, and arm you with the Internet.

So, the IP address, Bluetooth, drones, Internet access, and the autopilot system are all the burglars' tools. You see how simple everything is.

For example, computer security specialist Lennert Wouters from Belgium can hacks a Tesla Model X electric car using Bluetooth technology and a device costing about $1,300. Anyone can purchase such hacking devices. Such devices include several components, one of which may be computer-based on the Raspberry Pi module.

Raspberry Pi module

The cracking tool can easily fit into a backpack or small bag. Lennert explains that for a successful hack, a crime needs to get one piece - the ID number of the car. However, this should not cause difficulties for experienced criminals because the ID number can obtain through the windshield.

The hacking speed is impressive! With the necessary equipment and skills, the entire hack procedure takes about 90s seconds. Before you can blink, the criminal will gain access to your car. This method allows one to quickly break into a car and escape from the crime scene.

Of course, Tesla developers are constantly improving their cars to prevent all possible vulnerabilities. A month after the Tesla Model X hack, the developers released an update over the air that protects electric cars from hacking via Bluetooth.

However, Tesla is not the only electric car in the world. Attackers will not be very upset if they cannot hack only one model using Bluetooth because there are many cars, which means that the hijackers have much work.

Are electric cars so unreliable, and anyone can hack them? Programmers work every day to improve the security systems of electric cars to protect car owners from car theft. However, it is possible to hack into a machine, but only if you are a professional hacker. So, is an electric car that easy to hack? Let's figure it out together.

Is hacking cars a threat to humanity?

American scientists and experts claim that hackers can kill millions of people by hacking cars equipped with remote control functions.

Modern cars are a favorite toy for hackers, and the opportunity to hack cars can be used by enemy states or terrorists, turning cars into deadly weapons.

According to Justin Kappos, a computer security specialist at New York University, hackers can control any car released since 2005, but some released in 2000 are also in danger.

It's a problem of national security in many countries, the scientist said.

Any nation with the ability to launch a cyberattack can kill millions of civilians by hacking into cars.

− Justin Kappos, a computer security specialist.

He clarified that hackers can remotely access and disable the engine start, steering, and braking system of a car and block people in the car. The primary source of threat is the connected car to Wi-Fi, the specialist said.

His colleagues at Jorvik University in the UK recalled how, back in 2015, as part of an experiment, researchers remotely took control of the brakes, steering, and transmission of a 2014 Jeep Cherokee SUV. A few years later, a Chinese research team from Keen Security Lab could to remotely control a Tesla Model S.

After the break-in, the hackers could to remotely open the hatch, use the windshield wipers on the move, open the trunk, and even perform emergency braking. After this incident, Tesla said that the company's engineers were able to fix the vulnerability within ten days from the date of discovery and released the necessary update.

If five years ago hackers already skillfully coped with breaking into brand new electric cars, what can we say about today? Car owners report to the police daily about theft or attempted burglary. For example, more than twenty vulnerabilities discover in Mercedes-Benz E-Class vehicles. Most of the problems identified by information security specialists involved the telematics control unit (TCU) and backend servers.

Using an interactive shell with superuser rights, the researchers were able to access the TCU file system, which contained passwords and certificates for the backend server.

Experts were also able to access backend servers using an embedded e-SIM card, which are uses to secure connectivity vehicle identification and encrypt communications.

The problem was that the backend servers did not authenticate requests from the Mercedes me mobile app, through which car owners can remotely control various vehicle functions. According to the researchers, using this vulnerability, a hacker can block and unlock car doors, raise and lower the roof, turn on the headlights and even start the engine. It is worth noting that the specialists failed to hack any of the car's security functions.

Cybersecurity experts passed information about the discovered vulnerabilities to the owner of the Mercedes-Benz E-Class brand, and the vulns were fixed.

How to protect your car from hack

So, I have compiled for you some recommendations that will help protect your electric car from burglary.

  • Don’t lose contact with the car manufacturer. Register on your car manufacturer's website to provide the necessary contact information about your car. After all, it is the only way employees can contact you and inform you about the availability of software updates.
  • Remember the VIN code of your car. You will most likely find your VIN on the driver's side of the vehicle in the lower-left corner of the windshield. If not, check the driver's side door pillar or your vehicle registration card.

    Location of the VIN code in the car

  • Update the vehicle software. Out-of-date software can contain bugs that hackers can use to steal your car. Just as you check your computer for software updates, be sure to stay tuned to notifications from your automaker and remember to update your vehicle software as soon as a related update is released.
  • If possible, turn off Bluetooth and Wi-Fi in your car. An open wireless connection allows criminals to connect to the vehicle's system and control the equipment.
  •  Hide your car's Wi-Fi password. Don't store the recorded access password in the car's glove compartment. Otherwise, the hijacker will be very happy to find such valuable information.
  • Scan USB sticks before connecting to the car. The USB drive may contain malicious code designed to compromise your vehicle. Therefore, be sure to scan any USB drive for possible viruses before connecting it to your car.

Hack a car is possible, but it's not as simple as you might think. Yes, we have disappointing statistics, but you shouldn't panic and give up driving a car. If you are aware of the risks and ways to counter hackers, you become virtually invulnerable. As a rule, car thefts provoke by the carelessness of their owners.

By the way, I would like to say a few words about the remote control of a car using a smartphone and possible risks.

Until recently, car remote control systems seemed fantastic, but today they are available to almost every car owner. Having installed such a system, you can control the car from the smartphone in the mobile operators' coverage area. Being a few hundred meters, you can open or close the central lock, start the engine, check the fuel level, etc. All of this is just a fraction of what the remote control system offers. The remote control software is compatible with all Android and iOS phones.

Yes, of course, it's convenient. However, if the smartphone is stolen, the crime will receive your car as a bonus. I highly recommend scanning your smartphone daily for malware and, if possible, not connecting to public Wi-Fi.

These simple tips will help you keep your car safe and sound!

Conclusion

Electric cars are the future that has already arrived. These machines are durable, fast, and environmentally friendly. They do not pollute the air, thereby saving our planet from exhaust gases. At the same time, electric cars can become a toy in the hands of the devil. There is nothing worse than the situation when you lose control of your car. Information security specialists quickly respond to incidents and do everything possible to prevent hacking and car theft.

However, the evil intentions of hackers never cease to shock with their cruelty, so programmers and engineers should always keep their fingers on the pulse to keep the cars and their owners safe and sound.

Is your car trying to kill you? Of course not! As long as automakers continue to take cyber threats seriously and update their software regularly, it's unlikely that someone will get a remote control for your car. But, like all computers, they are not immune to hacking. That is why I have compiled for you a list of recommendations that will help protect your car from break-ins and theft.

Electric cars are reliable and practical. Let's give automakers a chance to fix all the vulnerabilities and make the perfect electric car that will take care of the environment and our safety! I was glad to talk with you on such a topic and tell you in more detail about the problem of hacking cars. I am looking forward to our new meeting.

Take care of yourself!

Tags: 
Threats
Author
Darina Shramko
Cybersecurity specialist and researcher.

Leave a comment

click to select

1 comments for Is it possible to cause the blackout by hacking 250k electric cars?

Danil's picture
Hacking car

wow, I didn't even know what that even could be. Every day it becomes more and more terrible to live. I hope hackers will never do this on a large scale, or cyber savers will come up with a system that cannot be bypassed. This can lead to a large number of victims around the world. Thanks for a great post.