If you purchased a new car in the past few years, chances are good that it contains at least one embedded modem, which it uses to offer some connected services. The benefits, we’ve been told, are numerous and include convenience features like interior preheating on a cold morning, diagnostics that warn of failures before they happen, and safety features like teen driver monitoring.
In some regions, connected cars are even mandatory, as in the European Union’s eCall system. But if these systems sound like a potential security nightmare, that’s because they often are. Ars has been covering car hacks for more than a decade now, but the problem really cemented itself in the public consciousness in 2015 with the infamous Jeep hacking incident, when a pair of researchers proved they could remotely disable a Jeep Cherokee while it was being driven, via an exploit in the SUV’s infotainment system. Since then, security flaws have been found in some cars’ Wi-Fi networks, NFC keys and Bluetooth, and in third-party telematics systems.
Toward the end of 2022, a researcher named Sam Curry tested the security of various automakers and telematics systems and discovered security holes and vulnerabilities seemingly wherever he looked. Curry decided to explore the potential holes in the auto industry’s digital infrastructure when he was visiting the University of Maryland last fall after playing around with an electric scooter’s app and discovering that he could turn on the horns and headlights across the entire fleet. After reporting the vulnerability to the scooter company, Curry and his colleagues turned their attention to larger vehicles.