Recent research has raised concerns about the ability of cybercriminals to hack in-car systems, such as engine control units and immobilisers. Results to the theengineer.co poll about cybercriminals hacking in-car systems revealed some interesting results. The overwhelming majority (63 per cent) said such criminal activity is a major argument against autonomous vehicle systems that are likely to be on our roads in the future. This appears to be a sensible response to the potential threat of criminals who might want to create chaos on the roads, either for the sake of it or to help facilitate a criminal act. Just over a quarter of respondents (27 per cent) believe the issue is mainly of academic interest and only 10 per cent think it’ll affect a restricted number of high-end vehicles. Some people beyond our poll respondents argue that automotive cybercriminality has gone beyond the realms of pure academic interest, pointing out that the number of cars vulnerable to such attacks is growing. The description of a report available on Research and Markets titled The Threat of Over the Air Hacking for Cars – 2013 states: ‘In the last few years there has been a rise in thefts of late-model cars where criminals have used hand-held tools, such as key programmers and immobiliser overrides, to steal them without needing the original key.

‘The speed with which these devices perform their attacks on the embedded software, via the OBD port, has transformed electronic theft from a minority method to, in some markets, the dominant method used by thieves to steal the most targeted models. ‘Vehicle manufacturers and their telematics service providers should take heed of emerging academic studies which have demonstrated that remote attacks can result in a criminal manipulating vehicle systems. ‘Reverse-engineering vehicle CAN messages, frequently to override security protocols, is already mainstream research for aftermarket companies. This level of knowledge, combined with any single exploitable weakness in the telematics platform, would provide an attacker with almost any remote control functionality they desire.’