Wikileaks' most outrageous assertion was that CIA operatives could remotely assume control of a car to trigger a crash, offering a means, Wikipedia claims, of "nearly undetectable assassinations."
The Washington Post today does a nice job of rounding up what the unconfirmed, leaked documents dubbed "Vault 7" say or don't say about hacking cars and what the real risks are. The CIA, which hardly has cornered the market on hacking the internet of things, reportedly has studied the means of infiltrating vehicle control systems, though assassinations are not actually mentioned. The more likely scenario: Vehicle infotainment systems could be tapped for the purposes of eavesdropping, much as the documents describe the ability to listen to conversations via the TV in the living room.
Fears of being hacked have been around ever since our cars became rolling computers, and as the Post points out, they are not unfounded. Reports of car thieves using laptops to steal cars have been kicking around for years, and white-hat research into hacking cars goes back at least to a 2010 study at the University of Washington. The biggest real-world example surfaced last year when a pair of hackers in Houston were accused of using FCA software on a laptop to steal vehicles, mostly Jeeps, that were spirited away across the Mexican border. Possibly 100 vehicles were stolen this way.
And the more connected you are, the more vulnerable you are, as Nissan discovered when it had to suspend its Leaf smartphone app for a time. Ditto for GM's OnStar app, which got some notoriety when the Defense Advanced Research Projects Agency (DARPA) used the app to hack a Chevy Impala for 60 MInutes.
The idea of remotely hijacking control of a vehicle is not so farfetched, as proven in 2015 when cyber-security researchers Chris Valasek and Charlie Miller said they accessed critical vehicle controls on a 2014 Jeep Cherokee via the infotainment system. This allowed the pair, without physical access to the vehicle, to remotely disable the brakes, turn the radio volume up, engage the windshield wipers, and tamper with the transmission. Further, their experiments allowed them to conduct surveillance on the Jeep, measuring its speed and tracking its whereabouts. The hack prompted Fiat Chrysler to recall 1.4 million vehicles.
And even the specter of remote-control vehicular assassination is not new. Wikileaks this week reiterated unsubstantiated claims that hacking was behind the death of journalist Michael Hastings, whose Mercedes struck a tree in Los Angeles in 2013 and burst into flames - the crash was at such high speed, the car's engine was ejected dozens of yards. Hastings, whose work included "The Runaway General," the 2010 Rolling Stone profile that cost U.S. Army Gen. Stanley McChrystal his job, had reportedly told a friend before the crash that he was "onto a big story." His death has generated numerous conspiracy theories, fueled in no small measure when former U.S. counterterrorism official Richard Clarke said the crash was consistent with a car cyber attack."
Assassination claims aside, today's Post article does a nice job assessing what real risks we might face with our cars' systems. (Presumably pretty low if we are not, say, international terrorists.) And it concludes by answering the question of what we can do about any of this. Which is: Not much.