Car hacking could become a serious issue in the future. With cars becoming ever more connected to the internet with each new model, some theorize we risk a new type of carjacking. It is currently incredibly rare but has actually happened. Car engines can’t be turned off just yet, but break-ins using keyless entry is a reality. This would circumvent the security of your car and let would-be thieves empty your car of all your lovely possessions.
Keyless entry is not the only issue here for cars and not their only vulnerability. On the plus side, at present, you don’t need to fear for your physical safety. This is, not to say, it might not be in the future. Especially as hackers become more sophisticated. Let’s take a look.
[Image Source: Tesla]
Can your car be hacked?
Modern “smart” or internet connected cars most certainly can be subject to car hacking. But older cars are also vulnerable but to varying degrees. Andy Greenberg decided to become a guinea pig for a hacking experiment. Sitting on the back seat the two hackers had some fun with Andy with him behind the wheel.
The hackers managed to take control of this Ford Escape remotely. These guys have received funds from Defense Advanced Research Projects Agency (DARPA) to find security issues with cars. Seems the money has been spent wisely. They were successful in playing around with the dashboard controls and other minor systems like the fuel gauge. They were also successful in stopping the car’s brakes from working and mess around with the steering. Somewhat disconcerting.
The hackers are directly hooked into the car in this video but they have managed to do it remotely as well.
Can you protect yourself at all?
If you have one of those fancy, connected, app-enabled and keyless entry vehicles you are not entirely powerless. Mercury Insurance has conveniently produced a handy guide to help you find out your vehicle’s vulnerability. They even provide information to help you protect your car. They have a large selection of car makes and models on their database and provide you with a vulnerability check score out of 6. It bases the score on a series of hack entry points including wireless tire pressure, Bluetooth, navigation, key fob, in-car WiFi and multimedia systems. All potential entry points for car hacking.
You may think it’s just an issue for newer cars, but older vehicles can also be “hacked”. We checked an old 2003 VW Golf, for example, and found it had hack vulnerabilities through its fob system. Pretty scary. Though how much overall control a hacker could take remotely for the car is limited, they would be able to gain entry and even start the engine! Damn. Why not check your own car out to see how it shapes up.
The most common issue, by far, is unauthorized entry via your cars fob. Experts suggest protecting the fobs encryption by putting fobs in freezers or microwaves (basically things that act like Faraday cages), wrap them in foil or you can just buy a RFID key fob protector. The latter being the most secure, and frankly a less odd method. Plus you could damage the batteries or forget you put it in the microwave at 3 am in the morning.
Remove OBD II Dongles
On-Board Diagnostics (OBD) II Dongles are devices that some insurance companies provide to monitor your driving habits. For the “safer” driver it can reap lower premiums. They connect to your vehicle through a port on the underside of the steering column. This obviously provides a very tempting “back door” entry for potential hackers. When it’s not in use simply unplug it or have it removed altogether.
Become phishing resistant
Some cars can be started with your phone. If you can do this so can other people. Some researchers in Norway actually demonstrated this technique. They could steal all of the information to potentially drive away with your car using nothing but a cell phone over a public WiFi.
Phishing can be very convincing, but it’s fair to say most of you reading this should be pretty clued up on spotting them. In the Norwegian example, the researchers pushed an offer for a free burger at a nearby “Restaurant”. This was offered in exchange for downloading an app to the victim’s smartphone in return. This allowed them to access the car, a Tesla Model S no less, from the “infected” phone. Shocking.
Whilst the idea of someone gaining access to your car through car hacking, or worst, being able to control critical systems, is alarming, don’t panic. The real world threat appears to simply be from thieves getting in and taking stuff. They’re not likely to start shutting off engines mid-journey but could in the future drive your car away without you knowing. There would be little gain for them doing so unless of course, they wanted to create panic. To date, there have been no reported instances of this actually happening, or even attempted attacks. It is, at present, just a theoretical problem. At least for now.
The risk-reward from internet connected cars are currently far in favor of it. Internet-connected cars are invaluable and provide the user with very useful information from engine performance tracking and maintenance, and provide fantastic data for manufacturers to improve on their future models. They also help prevent accidents and offer in-car assistance for anything from breakdowns to finding the nearest fuel station. Whilst we could potentially face data theft, the overall trade-off is well worth the risk.
Vehicle evolution is not likely to slow down anytime soon. Built in diagnostics, tools and add-on devices, to name a few, will continue to develop and specialize. Manufacturers need to seriously think about the potential vulnerabilities to the vehicle they could offer in the future. Cars and light trucks today are loaded with wireless entry points for car hacking. Though the risk is low at the moment it’s certainly worth considering when you decide to purchase a new car.