Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Researchers say they’ve discovered a security flaw that can affect any vehicle featuring “controller area network” systems – AKA a “CAN bus” – which is basically the network that interconnects components in a car. The “CAN bus” interconnects things like parking assist features, electric windows, and engine control units.
Researchers say hackers can access the connection and bombard it with error messages until the system shuts down to protect its other components. An attacker can therefore theoretically switch off safety features like airbags, ABS brakes, power steering or perhaps even lock someone out of their car.
With advancing technology pushing for completely autonomous vehicles, there is a huge concern that hackers could completely take over and control all aspects of a vehicle, which is a very worrying thought.
Newer cars boast clever features to help drivers and passengers have more efficient and smoother journeys. For certain vehicles, drivers can even create profiles which stores their favourite songs, destinations and the frequency of a specific journeys. Although the risk of having personal information stolen is present, this particular flaw reportedly doesn’t allow someone to hack into a component to take control or steal information, but rather hit it with a “denial-of-service” attack.
Back in 2015, researchers Chris Miller and Chris Valasek managed to remotely hack into and take complete control of a Jeep’s radio, windscreen wipers and fluid, and air conditioning. Shockingly, the duo were also able to control the vehicles steering, disable its brakes and even turn the power off.
Thankfully, the vulnerability was easily patched up with a recall and updated software, but the design flaw is thought to still affect the “CAN bus” messaging protocol standard used in “CAN controller chips”. As such, even a recall may not be effective because the security flaw is “not specific to one vehicle model or its underlying electronics.”
Online IT and technology news platform ZDNet say this particular flaw doesn’t attack to inject a malicious command into the network, but rather targets how the CAN system responds to error messages. When bombarded by an excessive number of error messages it disconnects and disables the device’s functionality.
This was an intended design to stop malfunctioning devices from triggering other systems on the “CAN bus”, but is nevertheless a vulnerability attackers could abuse. It therefore seems paramount to create a layer of cybersecurity to prevent attackers from reaching the “CAN” system.
Security researcher Charlie Miller was part of the team who hacked into the Jeep warns that an intrusion-detection system is required, but noted that the system could find it difficult to distinguish between a genuine fault component and an attack on the system.
Researchers are reportedly working hard to fix the problem, but note that the vulnerability is a worldwide problem, so without global compliance, security may not be effective.
The U.K. government recently gave car companies the go ahead to test a number of self-driving commercial trucks on British roads. However, the government also apparently recognises the magnitude of the task ahead; trying to stop vehicles purely controlled by software from being hacked.
They published the “Key principles of vehicle cyber security for connected and automated vehicles”, and the principles read as follows:
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.