Ask Hackaday: Does Your Car Need an Internet Killswitch?

Back in the good old days of carburetors and distributors, the game was all about busting door locks and hotwiring the ignition to boost a car. Technology rose up to combat this, you may remember the immobilizer systems that added a chip to the ignition key without which the vehicle could not be started. But alongside antitheft security advances, modern vehicles gained an array of electronic controls covering everything from the entertainment system to steering and brakes. Combine this with Bluetooth, WiFi, and cellular connectivity — it’s unlikely you can purchase a vehicle today without at least one of these built in — and the attack surface has grown far beyond the physical bounds of bumpers and crumple zones surrounding the driver.

Cyberattackers can now compromise vehicles from the comfort of their own homes. This can range from the mundane, like reading location data from the navigation system to more nefarious exploits capable of putting motorists at risk. It raises the question — what can be done to protect these vehicles from unscrupulous types? How can we give the user ultimate control over who has access to the data network that snakes throughout their vehicle? One possible solution I’m looking at today is the addition of internet killswitches.

The Scope of the Problem

[Chris] and [Charlie] remotely hacked into a Jeep, disabling its brakes remotely and sending it careening into a ditch.

As any hacker knows, a connected computer is a vulnerable computer. In vehicles, not only are the embedded systems connected to the internet, but they’re also capable of controlling vital safety systems. While many wrote off these concerns as unrealistic, the uncomfortable truth came home to roost in 2015. Security researchers [Charlie Miller] and [Chris Valasek] were able to remotely take control of a Jeep Cherokee, with just a laptop and a 3G data connection. The duo were able to scan the internet for further targets, and could even track various Chrysler automobiles around the country thanks to GPS and their in-dash entertainment systems.

This discovery led to the recall of 1.4 million vehicles, with Chrysler sending out firmware upgrades on USB drives to patch the vulnerability. Additionally, a change was made to lock down access to individual Jeeps over the Internet. This measure protects against the intrusion by itself, as the attack can’t proceed without a connection, a measure which will protect unpatched vehicles in the wild. This showed the value of cutting the data link in terms of making a vehicle resistant to attack.

While the hack was limited to Fiat-Chrysler automobiles fitted with Uconnect infotainment systems, it highlighted the broader risks to all connected vehicles. The fact that a hacker was able to remotely target a car over the internet, and interfere with the transmission, brakes, and other functions was a wake-up call for the industry. It made it clear to both automakers and the public that matters of cybersecurity are present on the open road.

A Potential Solution

Flawed code is everywhere, and it’s unrealistic to believe that automakers will ever be able to produce cars with zero vulnerabilities. While over-the-air updates and improved basic security practices will help stem the tide, there will always be the occasional zero-day exploit that sends everyone for a loop. For personal computers, this is considered an acceptable risk. However, a compromised car can put lives at stake. Additionally, while useful, an internet connection is not actually a requirement for a car to provide transportation.

Thus, a useful tool in defending against automotive cyberattacks could be a simple one — give the user the ability to disconnect the vehicle from the internet entirely. While this would shut down streaming radio services and certain other non-essential facilities, it would also make remote attacks impossible. All the tricky firmware hacks in the world are worth naught if you can’t make a connection to the vehicle to deliver the payload, after all.

In order to make this easy, vehicles could ship with an internet killswitch to shutdown all wireless and cellular communication to the vehicle’s systems. It would require a careful and considered design, and ideally would have a standardized form across manufacturers. Naturally, a concerted effort to educate the public in this device’s use would be required. Printing a small note in the back of a 200+ page manual simply won’t cut it.

Basic solutions exist to protect us against webcam hacks. A similar approach may be valuable in cars.

The benefits of such a device would be manifold, covering concerns of both security and privacy. In the event that an exploit is used in the wild, it would allow users to continue safely driving their cars while waiting for a patch to become available. Compare this to the current status quo where anyone wanting to disable wireless connections to their vehicle would need to navigate software menus different for each make (and possibly model) of vehicle, or go truly old school and start pulling fuses.

The simple fact is that the average person is unlikely to take their car off the road while manufacturers scramble to fix a problem; previous recalls have shown that people are complacent and will drive recalled vehicles with abandon. Some may even choose to drive with their car permanently offline, just in case — akin to those who tape over laptop webcams to evade snooping hackers.

Potential Downsides

Of course, there are potential drawbacks, too. Consumers are notoriously difficult to educate. It’s likely that many will inadvertently activate the switch, before rolling up to their dealership in a fury over their entertainment system which refuses to stream music, or fails to connect their phone for hands-free use. Any IT help desk worker will be familiar with the pain caused by hardware WiFi switches hidden on the sides of laptops, unbeknownst to hapless users. Additionally, if not placed in a clear and obvious location, or if the functionality is hidden deep in a menu system, many drivers will fail to use the system entirely.

Hacking one car is achievable; creating a zombie horde of vehicles remains unrealistic. That’s not to say nobody will try.

Despite this, it seems crazy that modern connected vehicles don’t have a way to quickly and easily shut down their wireless connections. In the same way the Firestone tyre controversy led to tyre pressure monitors becoming mandatory, it may take a widespread controversy to push governments into action. Short of driving around with a cellular jammer, there seems little the average motorist can do to protect themselves against vehicular cyberattacks. If automakers are unable to protect consumers, we may see the community find their own solutions, even if it’s as simple as not paying their cellular service bills.

In the meantime, we wait with bated breath for the next major automotive hack to hit the spotlight. Hopefully measures are in place sooner rather than later, lest we all succumb to hordes of zombie vehicles, a la the Fate of the Furious.

We’d like to hear what you have to say about. Do you think vehicles need a reliable way of toggling the data connections built into them? Is the automotive internet killswitch a reasonable option for mitigating exploits in automobiles or is it merely a bandage on a larger problem that’s not going away anytime soon? How do you think the average consumer would react to the appearance of an “internet off” button on the dashboard? Let us know what you think in the comments below.