From Apple CarPlay to Android Auto, parking assistance, internet connectivity, streaming media and traffic guidance; automotive technology continues to advance and serve as a computer on wheels for consumers. However, along with these exciting features comes the new need for protection from cybersecurity risks. Adding cars to the Internet of Things (IoT) will prove to be difficult and make vehicles a larger and more attractive target for cybercrime.
How do criminals hack into cars?
Criminals are able to spy on moving cars simply by driving near them and attaching to the car’s Bluetooth network. Electronics control the engine, transmission, chassis (brakes and traction), safety systems (airbags), diagnostics, navigation, climate, communication and entertainment systems.
In 2015, Charlie Miller, a security researcher at Twitter and Chris Valasek, director of Vehicle Security Research at IOActive, conducted a test when they remotely hacked into a Jeep Cherokee that was being driven by Andy Greenberg, author at technology magazine, Wired. Greenberg was driving 70 mph near downtown St. Louis, USA when the test hack took place. The vents in the car started pushing out cold air at the highest setting, the radio switched to a local hip-hop station and the windshield wipers turned on, all of which was done by Miller and Valasek. This test demonstrates how easy it is for hackers to gain access and manipulate a moving vehicle.
Efforts to protect cars
Car makers like Tesla and BMW have developed programs that instantly upgrade software in order to stay ahead of hackers, similar to how personal computer manufacturers operate. Tesla and General Motors have appointed cybersecurity officers to implement safeguarding the systems. Several companies are also investing more into testing, however, despite efforts to protect connected cars, they will truly never be completely safe from hacking. As with any other Internet of Things (IoT) device, as security becomes better, hackers become smarter.
What you can do right now
Consumer Reports advises drivers to do the following to protect their vehicles from potential hacking:
- Do not plug any unknown or unscreened devices into your car’s USB or OBD-II diagnostic port. This includes thumb drives used to store music. These connections could potentially introduce malware.
- Make sure to use a mechanic you trust. Your car’s diagnostic connection is a ‘vector’, meaning malware could be installed and could allow a gateway for a remote hack.
- If you feel that your car has been compromised, contact your dealership immediately.
Have you been affected by car hacking or another form of malware? Get in touch with us by tweeting @KrollOntrackUK