Riding in cars with hackers

By Cameron Abbott, Michelle Aggromito and Alyssia Totham

Ransom-based hacking techniques have primarily been limited to the intangible. We live in a world where unauthorised access to email accounts, bank accounts, and computer systems that may otherwise be private is no longer uncommon.

In some situations, hackers demand a lump sum in return for reinstating control of the accounts and systems to its owners and managers, and otherwise refusing to pay this ransom can likely leave our information and data at the mercy of hackers.

There have been several high profile cases of ransom-based hacking techniques where it was often more viable for the victim to pay the ransom, than to ignore the threat. After hackers locked a US hospital out of its IT systems, to regain access to patient records and internal operating systems the hospital was forced to pay US$55,000 to the hackers. In other cases, it might have otherwise been easy to ignore the demands of hackers if security systems could be upgraded and third parties – such as insurers – assisted with mitigating risks.

Imagine, however, that instead of threatening to take control of email accounts and other intangible products, hackers threaten to immobilise our cars. Tough luck if you rely on your car to get to work, or to drop off the kids at school, or to get to a medical appointment.

Critics may argue that the idea of a hacker immobilising a car is too sophisticated and beyond the capabilities of current-day hackers. You may even think this is just the domain of Hollywood movies like the Fast and the Furious franchise (not that we watch…actually never mind). However, the concept was put to the test by researchers at Pen Test Partners who demonstrated that by targeting a cars’ immobiliser – which functions to stop the engine of the car to prevent physical theft – they were able to immobilise 25,000 cars at once. This was independently verified as an accurate assessment.

A 2016 report has estimated that car data will be worth US$450-750 billion by 2030. The market for car data will only increase between now and then and so too will the ability to recognise and exploit its value. Unless security flaws are resolved, the vulnerability of this data threatens to disrupt everyday users from using their cars.

Would an impact on such tangible and functional aspects of our daily lives cause victims to respond more readily to ransom requests?

Copyright © 2019, K&L Gates LLP. All Rights Reserved.