Cars Were Not Hacked in LA Traffic Jam

Bernard Abbot, spokesman for CarISAC, an automotive cybersecurity consortium, told reporters today that none of the cars involved in the Friday night traffic jam on La Cienega Boulevard had been hacked. “There was no unauthorized access to the control systems of those vehicles,” he said; “They responded to legitimate commands in the way that they were designed to do. Automotive manufacturers take product cybersecurity very seriously.”

When contacted by this reporter about the above comments, Immanuel C. Securitage of ECS-CERT confirmed that his agency had found no evidence that any of the half-dozen vehicles that they had looked at in the incident had shown any signs of unauthorized access or malware. “We do not currently believe that they attack actually took place at the vehicle level” he told me.

A contractor working with ECS-CERT not authorized to speak to reporters told me that ECS-CERT was currently looking at HomeTrack GPS as the means to the attack that caused twenty cars to shut down at the Los Angeles intersection causing the traffic jam. “Company logs showed that on four separate occasions Friday night someone requested a listing of HomeTrack equipped vehicles in the area of the intersection,” he explained; “The last time, engine shutdown commands were sent to the thirty vehicles identified.” Investigators are currently looking into who had remote access to the HomeTrack GPS system.

When asked about that information, Martin Bishop, spokesman for GPS Affiliates the producer of HomeTrack GPS, replied that his company was cooperating with investigators but would not discuss the details of the ongoing investigation. He did say that: “We are very concerned about the ongoing release of sensitive corporate information that we have voluntarily provided ECS-CERT and are considering suing ECS-CERT for those releases.” He would not explain what sensitive information had been released.

Bishop did explain that the engine shutdown capability had been included in the HomeTrack GPS system at the request of law enforcement as part of a national auto-theft recovery program. It allows police departments to request shutdown of a vehicle that has been reported stolen and is under the observation of police at the time of the request. Typically, the police agency has requested the GPS location of the vehicle before the shutdown is requested. Vehicles can only be shutdown if they are traveling at less than 12 miles per hour or are stopped.

Internal procedures require confirmation of police involvement before either the vehicle location is released, or the engine shutdown command is sent. Bishop confirmed that neither confirmation was obtained on any of the vehicles involved in Friday’s incident.

CAUTIONARY NOTE: This is a future news story –