At the Black Hat hacker conference in dystopian Las Vegas, researchers Charlie Miller and Chris Valasek will soon present the latest in what appears to be their personal hobby of revealing how "smart car" digital interfaces can be hijacked by malicious parties to murder you. (They have good news, also.)
"The most hackable cars had the most [computerized] features and were all on the same network and could all talk to each other," Miller, a security engineer at Twitter, told Information Week's Dark Reading. "The least hackable ones had [fewer] features, and [the features] were segmented, so the radio couldn't talk to the brakes."
Based on this criteria, three cars topped their list of Most Likely to be Hacked: the 2014 Infiniti Q50, the 2014 Jeep Cherokee and the 2015 Escalade. The Infiniti Q50's system was determined to be the easiest, because nearly the entirety of its function operates off the same network—its Bluetooth, its radio, the engine, the brakes, and the car's telematics (i.e. the vehicular communications features that include on-board GPS, business-fleet tracking, proximity sensors, and other crap you don't need, and probably can't afford).
Prospective murders would need to be as close as a few meters away from these cars for certain attack vectors, but could be virtually anywhere while exploiting the telematics, the researchers say.
Known in Japan as the Skyline, the Infiniti Q50 is a compact four-door executive sedan that comes in a 3.7-liter V6 and a 3.5-liter Hybrid model, among many others. "The Q50 looks windswept, with a missile-shaped hood that accentuates its cab-rearward profile," a New York Times review marveled—before going on to call its operating systems "HAL-like." The Q50 retails for an MSRP of $45,105 USD, though it should be fun to try and talk the dealer down with all this new fear, uncertainty, and doubt. Splurge on an up-market tinfoil hat, so that the salesperson knows you're serious.
All in all, another rocky start to this inexorable march toward "the Internet of Things."
One upshot is that Miller and Valasek have also been working on a intrusion prevention system (IPS), with their prototype now finished, which promises to detect attacks via algorithm, and interrupt unwanted commands emanating from communications systems like the radio or GPS.
"It's a device you could plug into the car to stop any of the attacks we've done and that others have done," Valasek told Dark Reading.
But that's only part of the good news. The best news here is that you probably already knew not to buy the Infiniti Q50, because its queasily optimistic advertising campaign was already mixing technophilic boosterism with a disturbing vision of the future. Perhaps you recall squirming uncomfortably to this classic ad:
So, chances are that—if you own this car—you are the kind of credulous individual who is unlikely to be the target of any covert operations "wet work."
It's the militant Luddites and latter day Ted Kaczynskis you'll have to worry about.
[photo via Motor Trend]