Tek Eye Logo

Tek Eye

Automotive Cyber Security Timeline

The Internet has become an important service for the operation of modern society, as important as energy distribution, water supplies, transportation infrastructure, and telecommunications networks. The Internet is spreading into all the devices we use, our houses are becoming smarter and the cars with drive are connected. However, as the previous decades of office-based information technology (IT) has shown, if something is connected to the Internet it becomes a target. Hackers probe the Internet to find exploitable weaknesses in the software and hardware that run the connected devices. This applies to the connected car, if a car is connected to the Internet then the car's systems need to be secure and able to withstand attacking attempts. This article explores automotive cyber security in the form of a timeline. It traces back from recent research into automotive hacking, to the beginning of the technology that enabled the emergence of the connected car. Reading this automotive cyber security timeline will provide a sense of the importance of vehicle cyber security research, and the technological advances that enabled the concept of connected cars.

Vehicle cyber security

A List of Events related to Vehicle Hacking

Car hacking has occured ever since digital electronics appeared in vehicles. Starting with chipping engine Electronic Control Units (ECUs) for more engine power and using laptops to alter digital odometers, through to researchers proving that unaltered cars can be hacked remotely over the Internet. This timeline, from the latest to the earliest, on car hacking looks at the key technologies and events that brought about the computerised car and how it can be hacked. If you have a suggestion for the timeline please send an email to dan@tekeye.uk.


February 2020 - The joint ISO and SAE international standard ISO/SAE DIS 21434 Road vehicles — Cybersecurity engineering reaches the Draft International Standard (DIS) stage.

https://www.iso.org/standard/70918.html


January 2020 - Using an image projector it is possible to fool camera based Advanced Driver Assistant (ADAS) systems into believing a ghost object, road marking or a person is present infront of the vehicle.

ADAS Phantom

https://www.nassiben.com/phantoms


November 2019 - Using Bluetooth Low Energy (BLE) as a vehicle identifier can lead to privacy and tracking issues, so Have a Tesla Model 3? This app can track its location.

https://the-parallax.com/2019/11/14/tesla-radar-model-3-phone-key-ibeacon/


November 2019 - Man pleads guilty to stalking and controlling ex-girlfriend's car with his computer

https://www.abc.net.au/news/2019-11-06/ract-employee-pleads-guilty-to-using-app-to-stalk-ex-girlfriend/11678980


September 2019 - As physical security is displaced by computer controlled security, a computer issue can affect lots of vehicle owners at once as when Tesla Owners Locked Out of Cars on Labor Day When Phone Key App Goes Down.

https://www.caranddriver.com/news/a28904319/tesla-owners-locked-out-of-cars-phone-key/


April 2019 - Fleet management apps are cracked, allowing data from thousands of accounts to be obtained and potential immobilisation of thousands of vehicles.

See: https://www.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps


May 2019 - Despite all the publicity on key fob relay hacks, they are still a weakness in vehicle security and this hack could take control of your Ford.

https://the-parallax.com/2019/05/03/hacker-ford-key-fob-vulnerability/


December 2018 - PAS 1885:2018, The fundamental principles of automotive cyber security. Specification - Published by the British Standards Institute (BSI), builds upon the UK Government's guidelines published in 2017.

https://shop.bsigroup.com/ProductDetail/?pid=000000000030365446


November 2018 - CarsBlues, A vehicle Bluetooth hack that exploits infotainment systems to allow for access to call logs, text messages and other privacy data.

https://www.privacy4cars.com/can-my-car-be-hacked/


May 2018 - Researchers find vulnerabilities in BMW head units and telematics ECUs using fake GSM base stations.

https://keenlab.tencent.com/en/2018/05/22/New-CarHacking-Research-by-KeenLab-Experimental-Security-Assessment-of-BMW-Cars/


August 2017 - The key principles of vehicle cyber security for connected and automated vehicles - The UK Government publishes cyber security guidelines for connected and automated vehicles (CAVs).

https://www.gov.uk/government/publications/principles-of-cyber-security-for-connected-and-automated-vehicles

Key Principles of CAV Security


March 2017 - The WikiLeaks Vault 7 documents reveal that "As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks" and "The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations."

https://www.independent.co.uk/life-style/gadgets-and-tech/news/wikileaks-cia-documents-files-spying-car-control-hack-central-intelligence-agency-a7616851.html


September 2016 - Keen Security on Car Hacking Research: Remote Attack Tesla Motors

https://keenlab.tencent.com/en/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/


November 2015 - Hackers Cut a Corvette’s Brakes Via a Common Car Gadget

https://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car-gadget/


September 2015 - EPA, Learn About Volkswagen Violations. The US Environmental Protection Agency issues a notice of Violation to the Volkswagon Group over the use of a software defeat device for emissions testing. The manufacturer’s hack affects vehicle models from 2009.

https://www.epa.gov/vw/learn-about-volkswagen-violations


2015 - Hackers remotely kill a Jeep on the highway – with me in it, Wired

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Jeep Hack


2015 - Markey, Blumenthal To Introduce Legislation to Protect Drivers from Auto Security and Privacy Vulnerabilities with Standards and - Cyber Dashboard”, Senator Edward Markey

https://www.markey.senate.gov/news/press-releases/markey-blumenthal-to-introduce-legislation-to-protect-drivers-from-auto-security-and-privacy-vulnerabilities-with-standards-and-cyber-dashboard


July 2015 - Markey Report Reveals Automobile Security and Privacy Vulnerabilities, Senator Edward Markey

https://www.markey.senate.gov/news/press-releases/markey-report-reveals-automobile-security-and-privacy-vulnerabilities


2015 - Hackers Can Take Control of Cars From 3,000 Miles Away, NBC 4 New York

https://www.nbcnewyork.com/news/local/hack-a-car-computer-wifi-remote-vehicle-hacking-291272611.html


2014 - A Survey of Remote Automotive Attack Surfaces

https://ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf


2014 - Auto Alliance Initiates New CyberSecurity Forum, Automotive Information Sharing and Analysis Center

https://www.automotiveisac.com/


2014 - Most Hackable Cars, CNN Money

https://money.cnn.com/2014/08/01/technology/security/most-hackable-cars/index.html?hpt=hp_t2


2014 - The Robot Car of Tomorrow May Just Be Programmed to Hit You, Wired

https://www.wired.com/2014/05/the-robot-car-of-tomorrow-might-just-be-programmed-to-hit-you/


2014 - Open Garages

http://opengarages.org/index.php/Main_Page


2013 - Sen Markey (D-MA) Letter to GM

https://www.markey.senate.gov/documents/2013-12-2_GM.pdf


2013 - Jury Finds Toyota Liable in Fatal Wreck in Oklahoma, New York Times

https://www.nytimes.com/2013/10/25/business/jury-finds-toyota-liable-in-fatal-wreck-in-oklahoma.html


August 2013 - Adventures in Automotive Networks and Control Units, presented at DEF CON 21, PDF here.

https://www.theregister.co.uk/2013/06/25/miller_car_hacking/


2013 - Car Hacking Your Computer-Controlled Vehicle Could Be Manipulated Remotely, CBS

https://losangeles.cbslocal.com/2013/11/20/car-hacking-michael-hastings/


2013 - How to Hack Your Mini Cooper, Reverse Engineering CAN Messages on Passenger Automobiles, Jason Stags, Defcon 21

https://www.defcon.org/images/defcon-21/dc-21-presentations/Staggs/DEFCON-21-Staggs-How-to-Hack-Your-Mini-Cooper-WP.pdf


July 2013 - Researchers Charlie Miller and Chris Valasek control a Prius from a laptop, there are links to lots more car hacking videos in the Tek Eye article Car Hacking Videos

https://www.youtube.com/watch?v=oqe6S6m73Zw


July 2013 - It is alleged that the journalist Michael Hastings was killed via a car cyber-attack.

https://www.huffingtonpost.co.uk/entry/michael-hastings-car-hacked_n_3492339


September 2012 - UK Channel 4 News report on a, then, weakness in electronic car key fobs that allowed easy car theft.

https://www.youtube.com/watch?v=HuLKormzWE4


September 2012 - Korean researchers use a malicious Android app to control a car

https://news.sbs.co.kr/news/endPage.do?news_id=N1001370933


August 2012 - The first annual Cyber Auto Challenge takes place.

https://www.sae.org/attend/cyberauto/


2011 - Can Your Car be Hacked?, Car and Driver

https://www.caranddriver.com/features/a15124906/can-your-car-be-hacked-feature/


August 2011 - Comprehensive Experimental Analyses of Automotive Attack Surfaces, Center for Automotive Embedded Systems Security (CAESS)

https://www.usenix.org/conference/usenix-security-11/comprehensive-experimental-analyses-automotive-attack-surfaces


February 2011 - Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

https://www.ndss-symposium.org/ndss2011/relay-attacks-on-passive-keyless-entry-and-start-systems-in-modern-cars/


2010 - Security and Privacy Vulnerabilities of In-Car Wireless Networks, A Tire Pressure Monitoring System Case Study, Rutgers, USC

https://cse.sc.edu/~wyxu/papers/TPMSUsenix.pdf


2010 - Experimental Security Analysis of a Modern Automobile, Center for Automotive Embedded Systems Security (CAESS)

http://www.autosec.org/publications.html


2010 - Hacker disables more than 100 cars remotely, Wired

https://www.wired.com/2010/03/hacker-bricks-cars/


2009 - The Spirit of Berlin was an autonomous vehicle project by Freie Universität Berlin, started in 2007 for participation in the DARPA Urban Challenge as Team Berlin (a joint team by the Freie Universität Berlin, Rice University, Fraunhofer IAIS, and industrial partners Micro-Epsilon, Berlin Sciences, IBM Germany, IBEO), drivable remotely by an iPhone

https://www.youtube.com/watch?v=oHDwKT564Kk


2009 - Google's Self-Driving Car Project (renamed Waymo in December 2016)

https://en.wikipedia.org/wiki/Waymo


July 2008 - EVITA (E-safety Vehicle Intrusion proTected Applications) was a European project investigating improved vehicle security that ran till December 2011.

European EVITA Project

https://www.evita-project.org/


2007 - At CanSecWest RDS-TMC hacking is demonstrated: Satnav hacking made simple - Create your own traffic jam, bull fight or air raid, later demonstrated at BlackHAt and DEF CON 15

https://www.theregister.co.uk/2007/04/20/satnav_hack/


2007 - DARPA Urban Challenge

DARPA Urban Challenge

https://archive.darpa.mil/grandchallenge/


2005 - Defeating the security of RFID Chips in Car Keys and Gas Pump, John Hopkins University, Security Analysis of a Cryptographically-Enabled RFID Device

https://www.usenix.org/conference/14th-usenix-security-symposium/security-analysis-cryptographically-enabled-rfid-device


2005 - DARPA Grand Challenge

DARPA Grand Challenge

https://archive.darpa.mil/grandchallenge05/


2005 - Linux Bluetooth hackers hijack car audio – The Register reporting on the Bluetooth hack

https://www.theregister.co.uk/2005/08/02/car_whisperer/


2005 - Hacking the Hybrid Vehicle, Wired

https://archive.wired.com/science/discoveries/news/2005/11/69519


July 2005 - Vehicle audio eavesdropping and injection via Bluetooth using The Car Whisperer Linux software.

https://trifinite.org/blog/archives/2005/07/introducing_the.html


May 2005 - A Toyota vehicle was provide to F-Secure to prove that the Toyota and Lexus Bluetooth virus could not infect their vehicles. (Note the strange behaviour of the vehicle electronics at low battery levels. Could this ever be utilised to break a system?)

https://www.f-secure.com/weblog/archives/00000553.html


January 2005 - Unsubstanstiated claims that Toyota and Lexus navigation systems can be infected with a computer virus via Bluetooth.

https://www.scmagazine.com/home/security-news/mobile-virus-infects-lexus-cars/


June 2004 - A Bluetooth proof-of-concept worm (virus) named SymbOS.Cabir is announced.

http://virus.wikidot.com/caribe


February 2004 - The NY Times article DRIVING; Altering Your Engine With New Chips discusses pitfalls of changing the software in ECUs and some implications for vehicle damage.

https://www.nytimes.com/2004/02/13/travel/driving-altering-your-engine-with-new-chips.html


January 2004 - Chrysler offer Bluetooth in their UConnect telematics system (Intel X-Scale ARM CPU, Broadcom Bluetooth chipset, IBM ViaVoice software, and the QNX operating system).

https://www.pcmag.com/archive/the-bluetooth-car-117748


November 2003 Bluetooth vulnerabilities are published by security researchers Adam Laurie and Ben Laurie on bluestumbler.org (no longer available).

https://web.archive.org/web/20031118173621/http://www.bluestumbler.org/


September 2003 - In America Acura TL (Honda) cars are equipped with Bluetooth.

Acura TL

https://en.wikipedia.org/wiki/Acura_TL#2004


October 2003 - The UK Government made the The Road Vehicles (Construction and Use) (Amendment) (No. 4) Regulations 2003 banning driving whilst using of a mobile phone. Effectively mandating the use of hands free kit and thus phone to car links.

https://www.legislation.gov.uk/uksi/2003/2695/made


October 2003 - Orange UK (now EE) partners with Smart Automobile to offer a Smart City Coupe with Bluetooth hands free.

Bluetooth in a Smart Car

https://www.carpages.co.uk/smart/smart_orange_gets_smart_08_10_03.asp


May 2003 - Thailand's Finance Minister Suchart Jaovisidha is trapped in a BMW due to a malfunction of the vehicle's computer system.

https://www.theage.com.au/technology/computer-glitch-traps-thai-minister-in-bmw-20030513-gdgr7n.html


2003 - The NY Times story Gentlemen, Start Hacking Your Engines on ECU modifications and a full injection system control by a digital organiser (Palm Pilot).

https://www.nytimes.com/2003/01/09/technology/gentlemen-start-hacking-your-engines.html


August 2002 - A Forbes article How To Hack Your Car is on ECU programming. It includes comments on the lack of code security.

https://www.forbes.com/forbes/2002/0708/148.html


Start of the 2000's - The telematics solutions of ATX Technologies Inc., with Tele Aid, and General Motors with OnStar, have security weakness exposed (https://web.archive.org/web/20141023194256/http://silverstr.ufies.org/blog/archives/000455.html - Dana Epp - Security Expert) and are used for covert FBI surveillance.

https://www.theregister.co.uk/2003/11/20/court_limits_incar_fbi_spying/


1999 - The Mercedes S Class has Distronic, the World's first Adaptive Cruise Control (ACC) system (applying braking as required), and the Pre-Safe collision and avoidance response system.

https://en.wikipedia.org/wiki/Autonomous_cruise_control_system


1999 - The first Bluetooth specification is released.

https://www.bluetooth.com/media/our-history


1999 - Anderson on hacking lorry tachographs, On the security of digital tachographs

https://link.springer.com/chapter/10.1007/BFb0055859


September 1997 - Intel's Announces Connected Car Technology at IAA Frankfurt

At the Internationale Automobile Ausstellung (IAA) in Frankfurt, Germany chip manufacturer Intel reveals it's Connected Car PC:

"passengers in the Citroën Xsara are entertained by a DVD film with Dolby Surround Sound Stereo, while the RDS-Radio continually updates the driver with the latest traffic news. On request, the Connected Car PC picks up the travelers' incoming e-mail and, using a text to speech converter, reads it to them. Up to date information on weather, traffic and tourism can also be downloaded on demand by the Connected Car PC from the Internet"

https://www.intel.com/pressroom/archive/releases/1997/IC090997.HTM


1997 - General Motors Corporation offer Cadillacs with OnStar telematics.

https://en.wikipedia.org/wiki/OnStar#History


1996 - Only done 30,000. Honest, guv, car clocking has always been an issue, but using a laptop digital odometers can be altered.

https://www.independent.co.uk/life-style/motoring/only-done-30000-honest-guv-1345479.html


October 1992 - Third generation Mitsubishi Debonair limousine came with the world's first Lidar based distance warning.

https://en.wikipedia.org/wiki/Mitsubishi_Debonair#Third_generation


1987 to 1995 - The European Eureka PROMETHEUS Project (Programme for European Traffic of the Highest Efficiency and Safety) researched autonomous driving and related technologies with €749 million.

Self-driving S-Class


1980's - The early autonomous driving experiments using a Mercedes-Benz van equipment with machine vision led by Ernst Dickmanns.


Mid 1970's - In the 1970's Aston Martin began incorporating digital electronics into their luxury Lagonda car, the touch switches and LED displays only lasted to 1980 because of reliability issues.

Lagonda dashboard


Early 1970s - General Motors early computerised car experiments, The Feasibility of a Car Central Computer

GM Alpha

https://www.sae.org/publications/technical-papers/content/730126/


1960's and 1970's - Early experiments in self-driving vehicle's go back as far as the 1960's and originate from ideas for remote Moon missions.


1960's - ARPANET, from the Wikipedia article: The Advanced Research Projects Agency Network (ARPANET) was an early packet-switching network and the first network to implement the TCP/IP protocol suite. Both technologies became the technical foundation of the Internet.


1930's and 1940's - The Soviet Union used remote controlled tanks, the Teletank, during World War II.


1898 - Nikola Tesla's patent for a remote controlled boat, Method of and Apparatus for Controlling Mechanism of Moving Vessels or Vehicles, demonstrated wireless command and control of a machine at the 1898 Electrical Exposition in Madison Square Gardens. This event is discussed in the thesis I, Robot: Nikola Tesla's Telautomaton.

Tesla Boat

See Also

Author:  Published:  

ShareSubmit to TwitterSubmit to FacebookSubmit to LinkedInSubmit to redditPrint Page

markdown CMS Small Logo Icon ↓markdown↓ CMS is fast and simple. Build websites quickly and publish easily. For beginner to expert.


Articles on:

Android Programming and Android Practice Projects, HTML, VPS, Computing, IT, Computer History, ↓markdown↓ CMS, C# Programming, Using Windows for Programming


Free Android Projects and Samples:

Android Examples, Android List Examples, Android UI Examples



Tek Eye Published Projects