Automakers are not well known for their expertise in embedded security with vulnerabilities surfacing for many models. Nick Bilton of the New York Times decided to investigate a wireless key vulnerability after his Prius was broken into with a mystery black box. The investigation sounded somewhat promising at first, but quickly deflated, ending at a point where he told us to put our car keys in the freezer.
The story originally unfolded on Twitter as Bilton posted about the break-in and quickly followed up he’d figured out a $100 broadcasting device allowed teenagers to break into his car so easily.
Locking the doors may not be enough to deter would-be thieves now, thanks to wireless technology.
This is the Renault Zoe. It’s like most EVs on the road, with its limited range, limited power, and limited usability.
Unlike the other EVs, however, the Zoe comes with DRM attached to its battery pack. In short: If you value your ability to drive the Zoe at all, then you will submit to a rental contract with the pack’s manufacturer. Should you fail to pay the rent or your lease term expires, Renault can and will turn your Zoe into an expensive, useless paperweight by preventing the pack’s ability to be recharged, consequences be damned.
It’s only the beginning.
A team of researchers at UC San Diego and the University of Washington, Seattle, has just published a paper titled “Comprehensive Experimental Analyses of Automotive Attack Surfaces“. Behind that dry title is a very exciting research study. In essence, they bought a modern reasonably-priced car with lots of fancy features, including a built-in cellular phone interface, and did a serious reverse-engineering exercise to determine whether it had any security vulnerabilities. It’s the most comprehensive study of its kind.