The notion that hackers could assassinate people in an instant is a favorite among conspiracy theories. The latest example: After the young journalist Michael Hastings died in a car crash last month, conspiracy theorists speculated that his car was deliberately hacked–that the crash was, not an accident, but an act of murder. It’s an insanely unlikely scenario, one that isn’t really worth entertaining except as a thought experiment. There is one tricky kernel of truth in it, though: car hacking is, in some forms, technically possible.
Most likely result of hacking attacks? A long weird call with AAA.Limitations first: hackers cannot magically gain control of a car. While cars are increasingly computerized, not every system involved in driving is hooked up to external controls. Let me repeat that for clarity: in almost every car currently on the road, it’s impossible to hack the steering. A hacker trying to kill someone via car can’t just take over and pilot the vehicle into a tree or off a cliff.
What could they do instead?
A list of potential attacks attempted by researchers at the University of Washington and University of San Diego can be found in a report here. Notable attack options fall into two categories:
Attacks that irritate or confuse the driver.
Researchers demonstrated that hackers could permanently activate the car horn, shoot windshield wiper fluid continuously, disable headlights, falsify the speedometer reading, increase radio volume, and turn off auxiliary lights. In testing, none of these attacks could be stopped by a manual override–which might be enough to cause a car accident on a dimly lit road at night. Alternatively, a well-timed burst of full-volume sound with cut lights and a wiper-fluid-obscured windshield could provoke a sudden accident, but that’s a lot of effort and leaves a lot to chance. Mucking about with the speedometer can cause problems, though a driver who can roughly keep up with traffic will be able to get by without it. Most likely result of these attacks? A driver would be annoyed, pull over, get out of the car, and have a long weird call with AAA.
Attacks that change the speed of the car.
Far deadlier are hackers manipulating brakes. In testing, the researchers demonstrated an ability to engage the left and right brakes of a car independently, as well as unevenly engaging right side brakes, and perhaps scariest of all, release all brakes and prevent braking. That, more than anything else, provides the real risk in a car hacking attack. A car that can’t brake is a hazard, straight-up, to the driver and everyone around them, but it’s not necessarily fatal unless it’s so well timed as to be a scripted moment in a Hollywood film.
While car hacking is potentially deadly, it’s a really, really uncertain way to attack someone. The effort involved in finding, hacking, and monitoring the car, and then picking the exact right moment to disable the breaks, make such an idea more like “Enemy of the State” than a real threat. It’s complicated and probably requires a surveillance team. Bullets are a usually but not always more reliable means, and they require much less planning and coordination.
Failing that, there’s always the option of poisoning by polonium-210, most famously used against an ex-KGB agent in London in 2006. If a car must be used, car-bomb assassinations have precedent both in the United States and abroad.