New research shows that hackers up to 10 miles away are capable of overtaking a vehicle’s control systems and other automated features. (Courtesy Photo)

New research shows that hackers up to 10 miles away are capable of overtaking a vehicle’s control systems and other automated features. (Courtesy Photo)

Dolan: Vehicles vulnerable to remote manipulation

This week’s question comes from John J. in the Mission, who asks:

Q: “I have been reading about the vulnerability of today’s modern cars. Is it true that they can be hacked and taken over? If they are taken over and a crash happens, who is responsible?”

A: John, your question is timely. There have been recent articles published about a remote take-over of a vehicle’s control systems by hackers 10 miles away. To date, there is no published case that has been brought involving such an incident, but this simply means that a collision as a result of a vehicle hacking has yet to occur.

For anyone who thinks this scenario is unlikely — or decades off — think again. Today’s vehicles incorporate a plethora of automated features such as adaptive cruise control, collision avoidance, lane assist, self-parking, automated braking systems, passive anti-theft system, tire pressure monitoring, remote starting capabilities, remote keyless entry, Internet applications, Bluetooth capability, GPS, Wi-Fi, OnStar an so on. If your car has any of these components, you are vulnerable. If you have Bluetooth capacity or Wi-Fi, your vulnerability rises exponentially as these features provide an access portal for external control of some or all of the computer automated systems in your vehicle.

Currently, there is no industry protocol relating to encryption or security for these systems. The vulnerabilities go far beyond our personal vehicles: they have implications for robotic devices and drones and, therefore, have the attention of the U.S. military.

On July 21, an experiment was conducted by a team of systems vulnerability and security analysts from a company called IOActive, which, over the last five years through a series of Department of Defense grants, has conducted research on the ability to gain remote control over a vehicle’s computerized control systems.

While a new Jeep Cherokee was driven by Andy Dreenberg, an author for Wired Magazine, at 70 mph on a highway though St. Louis, Charlie Miller and Chris Valasek from IOActive began turning on and off the air conditioner, manipulating the radio and the windshield wipers. All of this was done without them altering any of the vehicle’s hardware or having any hardware link installed on the car.

Miller and Valasek then upped the ante and completely disengaged the transmission causing a complete power failure. Dreenberg lost all ability to control the vehicle’s speed on a highway as an 18-wheeler came fast upon it. If that were not enough, Miller and Valasek made their likenesses appear on the vehicles navigation and control screen. Miller and Valasek were 10 miles away when they assumed all control.

This experiment is not isolated. Mission Secure Inc., a cyber-defense solutions provider, and Perrone Robotics Inc., a software developer for autonomous vehicles, working with the University of Virginia and the Department of Defense, also took over control of a vehicle. Then they demonstrated a prototype of a security system, called “Secure Sentinel,” which can sense a security threat to vehicles automated systems and engage a counter measure “faster than a human could.”

Perrone hopes to have a smartphone enabled version of Secure Sentinel available in 18 months.

The seriousness of this threat can be better appreciated by reading a February 2015 congressional study, commissioned by Sen. Ed Markey of Massachusetts, entitled, “Tracking and Hacking, Security and Privacy Gaps Put American Driver’s at Risk.” The study’s results were so alarming that on the same day, July 21, Sen. Markey introduced The Security and Privacy in Your Car (SPY Car) Act designed to craft and enact regulations to protect not only hacking of a vehicle’s control systems, but also to protect the privacy of drivers. This is because many of our vehicles, unbeknownst to most of us, regularly — and wirelessly — transmit data about how and where we drive to manufacturers and third parties, both of whom may use that information to engage in marketing goods, services and products to you.

Right now, given manufacturer’s knowledge of the inadequate security of their vehicle control systems and the threat posed by this weakness, it is quite plausible that a manufacturer could be sued for failing to install adequate cyber-security systems on its vehicles. That may be why Fiat-Chrysler, after vulnerabilities in the Jeep were exposed, recalled 1.4 million vehicles.

Christopher B. Dolan is owner of the Dolan Law Firm. Email questions to

If you find our journalism valuable and relevant, please consider joining our Examiner membership program.
Find out more at

Just Posted

San Francisco Police Chief Bill Scott leaves the scene of an officer-involved shooting at Brannan Street and Jack London Alley in the South Park area on Friday, May 7, 2021. (Kevin N. Hume/S.F. Examiner)
Chief Scott issues rare apology to man shot by SF police

Officer says he ‘did not intend for his firearm to go off’

Despite the pandemic, San Francisco has ended the fiscal year with a budget surplus. (Kevin N. Hume/S.F. Examiner)
Better than expected tax revenues leave city with $157.3M surplus for this year

As the fiscal year nears an end and Mayor London Breed prepares… Continue reading

Passengers board a BART train bound for the San Francisco Airport at Powell Street station. (Kevin N. Hume/S.F. Examiner)
BART bumps up service restoration to August 30, offers fare discounts

Rail agency breaks pandemic ridership records, prepares to welcome more passengers

Ashley and Michelle Monterrosa hold a photo of their brother Sean Monterrosa, who was killed by a Vallejo police officer early Tuesday morning, as they are comforted at a memorial rally at the 24th Street Mission BART plaza on Friday, June 5, 2020. (Kevin N. Hume/S.F. Examiner)
State Department of Justice to investigate Sean Monterrosa shooting by Vallejo police

Attorney General Rob Bonta steps in after Solano County DA declines case

Gov. Gavin Newsom, show here speaking at the City College of San Francisco mass vaccination site in April, faces a recall election due to anger on the right over his handling of the pandemic, among other issues. (Kevin N. Hume/S.F. Examiner)
Why Gavin Newsom’s popularity could work against him in the recall election

Top pollster: ‘We’re not seeing the Democrats engaged in this election. And that may be a problem…’

Most Read