These Are the Nine Most Hackable Cars

Sami Haj-Assaad
by Sami Haj-Assaad
2017 Jeep(R) Cherokee Limited

Car hacking is something that’s becoming more and more concerning these days. Security researchers have found that certain cars have vulnerabilities that can lead to the driver losing control of their vehicle, but so far no real world cases of car hacking have been reported.

A report conducted in 2014 by security researchers Charlie Miller of Twitter and Chris Valasek of IOActive helped showcase these vulnerabilities and how certain car functions are tied to the various computers in the vehicle.

During the 2014 Black Hat security conference in Las Vegas, the pair presented their findings about various cars and how one could theoretically hack them. In particular, they looked at the in-car computer schematics to show how certain functions of the car are tied to others, like if you can hack the radio or bluetooth network, can you send messages to more critical components like the brakes or the steering? In some cases such issues were possible.

In one detailed case using a 2014 Jeep Cherokee, this is possible through “jailbreaking” the infotainment system, which is the process of overcoming a system’s security functions to run unsigned or malicious code. This can be done with a USB key plugged into the car, which identifies itself as an update.

Other cars, like that Audi A8, was applauded for having its network of critical driving systems and non-critical telematics systems on separate networks.

According to that report and Bankrate.com, these are some of the most hackable cars out there. Since the report is a few years old, these cars are all 2014 and 2015 model year vehicles, with a few exceptions. A few of these vulnerabilities have been patched in recent years.


Range Rover Evoque

This luxury crossover features several wireless networks that researchers say can be vulnerable to hacking including the InControl infotainment system app, Bluetooth network for phone pairing, the remote keyless entry key, the on-board cellular network and Wi-Fi radio.


Chrysler 300

One of the most publicized victim of the latest car hacking news is the Jeep Cherokee, which researchers used as their test vehicle. Many of the computers in the Cherokee find their way in other Fiat-Chrysler Alliance vehicles including the 300. The Uconnect infotainment system is the most significant vulnerability and has since been patched by the automaker.


BMW X3

Researchers suggest that the BMW X3 has a “large attack surface” meaning that there’s multiple ways to compromise the security of the vehicle’s computer systems. The BMW ConnectedDrive system can be exposed, leading someone to hack the cars Bluetooth system or on board Wi Fi.


Ford Fusion

Researchers claim that the older SYNC System in some Fords can be compromised, but haven’t mentioned anything about the new SYNC3 system. However, recent reports out of Germany have found that some hackers may be able to access the vehicle through a radio hack that mimics the owners key fob.


2010 Toyota Prius

Researchers also tested out older cars, including different model years of the third generation Prius. The 2010 model had some potential issues, like the Bluetooth, AM/FM/XM radio, remote keyless entry, cellular, proprietary radio and the Safety Connect system. Researchers also found that the Adaptive cruise control, the self-parking system and the pre-collision system also could be at risk.


2014 Toyota Prius

Like the 2010 Prius, the 2014 model year has some vulnerabilities too. In fact, a main issue is that the brakes and steering are on the same network as the Bluetooth, posing a significant risk if the Bluetooth is hacked.

Not surprisingly, an older Prius, the 2006 model, posed much less of a security risk.


Infiniti Q50

The Infiniti Q50 is a technological marvel, and includes a unique steer-by-wire system. However, researchers have found the tech-heavy Infiniti to carry a huge security risk, saying that within the Q50’s network of systems, the radio and telematic components are directly connected to engine and braking systems. This is a serious safety concern if the systems are ever compromised.


2015 Cadillac Escalade

OnStar, a service included on many GM vehicles has a number of benefits including remote unlock and ignition, a vehicle finder service and even a helpful concierge. However, because it runs on a wireless network, if it was ever compromised it could lead to serious exploits. Another concern is that the Bluetooth and telematics systems are on the same network as the brakes, steering and engine.


Jeep Cherokee

Researchers Charlie Miller of Twitter and Chris Valasek of IOActive first got hands on hacking experience with a Jeep Cherokee, and they’ve documented the whole process. While FCA has since updated and patched the exploits used by the researchers, the team have documented just what kind of access a hacker can have over a “jailbroken” car. The brakes, engine and steering systems can be exposed, leaving potential vulnerabilities in the driver assistance systems like adaptive cruise control, parking assistance, crash mitigation and lane-departure warning.

[Sources: Bankrate, Wired, ADAC, Survey of Remote Attack Surfaces]

Sami Haj-Assaad
Sami Haj-Assaad

Sami has an unquenchable thirst for car knowledge and has been at AutoGuide for the past six years. He has a degree in journalism and media studies from the University of Guelph-Humber in Toronto and has won multiple journalism awards from the Automotive Journalist Association of Canada. Sami is also on the jury for the World Car Awards.

More by Sami Haj-Assaad

Comments
Join the conversation
2 of 3 comments
  • Bernadete Bernadete on Apr 10, 2022

    You are giving Brasil as an example. Why? Have you been to Brasil? Have you been attacked in Brasil?

  • NBC NBC on Jan 30, 2023

    I sincerely believe that my car is being manipulated, I do not want to use the term hacked, as that makes it sound as if some person is sitting at some computer and hacked into your car and can manipulate things you are doing. My experience is this. I had an accident in 2017 I think it was, and after this incident after having that vehicle in the shop, I found that after months I expected things that were not damaged during the crash would be fine, I got my car back and the driver's seat was broken, the air no longer worked as it should and the nice added touch they added in was that my car was now under constant assault through the digital readings on my display the TPMS that then allowed those doing this to raise and lower my pressure readings as a form of harassment I now am certain of this. I have found that the temperature gauges also are used for the same purpose, and I have found that those doing this can in fact make the check engine light come on and they can make it go away as well as this has been done to me on many occasions, and I explored the possibility that it might have been something like a gas cap or oil change, and it was not, the light came on for a time around the same time that I was being harassed with the TPMS and it then disappeared with no action on my part. I have a 2017 Dodge Journey that was brand new when I was in an accident that hit the passenger side and did no damage to the seat, or the alarm system to my knowledge yet somehow after getting the car back with a working alarm this too was made to no longer work. These new vehicles not only are they vulnerable but I have since learned that like what is mentioned is that someone like an untrustworthy mechanic let's say can in fact do something to give the appearance that the person does not do regular maintanance for instance and then a check engine light comes on and the person is alerted to some expensive thing that needs repairing. I had this 2017 Dodge suddenly start leaking fuel at which point I was told by some person that witnessed it that it was the gas tank leaking only to find it was something else entirely that I went to have repaired at a cost of almost 800.00 for a 3 year old vehicle. Then, I found that after this, my gas levels could then be manipulated as well. I have since this repair been completely unable to get a full tank yet this thing overflows no matter what almost as though something was put in it to prevent me from filling it up or some other such manipulation to cause me to have to burn fuel faster and to have to get filled up more often. Sounds crazy I know, but I live in a place with hordes of mechanics and even at well known places I have been ripped off and lied to. I now have come across a well known mechanic on Youtube who says do not be fooled and most of these cars only need regular oil changes and cabin filter changes minor things like this and if someone is trying to tell you that you need these major things, they are trying to rip you off, I have been doing that for a while now, but of course this car like the Dodge Caravan seems to be quite vulnerable to external manipulation.

Next