The CIA Allegedly Considered Connected Cars as 'Potential Mission Areas' for Hacking
Automakers are hurriedly trying to implement connected vehicle technology and autonomous solutions to entice consumers, though there remains an underlying phobia among the general public that isn’t without a basis in reality. Cyber security is considered essential to the evolution of self-driving cars and plays an equally important role in the vehicles of today that offer enhanced connectivity.
Since modern automobiles rely so heavily on computers, there’s a plethora of elements that hackers could target. However, these hackers don’t necessarily need to operate outside of the law.
Embedded in a WikiLeaks analysis of documents allegedly acquired from the Central Intelligence Agency is an apparent interest in hacking automobiles. The most terrifying takeaway from those files? The claim that the CIA could theoretically use the systems in modern passenger vehicles to conduct “nearly undetectable assassinations.”
The specific example given was a document citing cars using BlackBerry Ltd.’s QNX automotive software, which is used in more than 60 million vehicles.
CIA meeting notes specifically mention QNX as one of several “potential mission areas” for the agency’s Embedded Devices Branch. That branch is also alleged to have collaborated with United Kingdom’s MI5/BTSS to hack phones using Android and Apple operating systems, as well as Samsung’s Smart TVs. After being attacked with hidden malware, those devices could then be converted into listening devices or even controlled by a third party.
The notes that mention the car-based systems — dated October 23, 2014 — said that Blackberry hadn’t yet been notified of the branch’s work. The documents also do not specify if the CIA ever moved ahead with QNX as a hacking target.
However, we already know that modern vehicles can be hacked. Researches working with Wired gained digital access to a Jeep Cherokee in 2015 and managed control many of the car’s systems, including the throttle, brakes and steering. FCA then recalled 1.4 million cars and trucks, making it the first automotive recall ever prompted by hacking trepidations.
While there are over 10,000 files to sift through, Wikileaks has already alleged that the CIA developed what editor-in-chief Julian Assange considered an “arsenal” of malware to attack and control “all the systems that average people use”.
“Once the material is effectively disarmed, we will publish additional details,” Assange said.
U.S. federal agencies have launched a criminal investigation into the release of the documents.
A staunch consumer advocate tracking industry trends and regulation. Before joining TTAC, Matt spent a decade working for marketing and research firms based in NYC. Clients included several of the world’s largest automakers, global tire brands, and aftermarket part suppliers. Dissatisfied with the corporate world and resentful of having to wear suits everyday, he pivoted to writing about cars. Since then, that man has become an ardent supporter of the right-to-repair movement, been interviewed on the auto industry by national radio broadcasts, driven more rental cars than anyone ever should, participated in amateur rallying events, and received the requisite minimum training as sanctioned by the SCCA. Handy with a wrench, Matt grew up surrounded by Detroit auto workers and managed to get a pizza delivery job before he was legally eligible. He later found himself driving box trucks through Manhattan, guaranteeing future sympathy for actual truckers. He continues to conduct research pertaining to the automotive sector as an independent contractor and has since moved back to his native Michigan, closer to where the cars are born. A contrarian, Matt claims to prefer understeer — stating that front and all-wheel drive vehicles cater best to his driving style.
More by Matt Posky
Comments
Join the conversation
You... You used stock imagery of that terrible Google invention, Angular.js, to depict hacking? Through the powers of the internet, you can even find the pull request that added that particular section. https://github.com/angular/angular.js/pull/1958/files Much better hacker images involve Googling "hacker stock image." My favorites are the ones of masked men with tiny hammers, threatening their own laptops.
I have an upcoming interview with an automaker for an in-vehicle cyber defense position. I may be the one dude who looks at this as a positive!