As if there aren’t already enough cybersecurity threats looming in our daily lives, there’s one garnering an increasing amount of attention—car hacking. Automotive cybersecurity is a term for the tools and techniques used to protect the electronic systems of a vehicle along with the software, data, and more.
Below are the key things to know about car hacking, how much of a risk it is, and what can be done to prevent it.
What Is Car Hacking?
Car hacking is a concept that first rose to general consciousness in 2015. Chris Valasek and Charlie Miller remotely hacked a Jeep to show vehicle security vulnerabilities. Valasek and Miller were able to access the electronic control units of the vehicle, change dashboard functions, and even control the brakes and engine.
A modern car can have as many as 100 electronic control units, so there are a lot of different access points.
As a result, Chrysler issued a sweeping recall, but even so on a general level automobile makers might not be giving car hacking the attention it deserves, particularly since we’re in the era of the Internet of Things.
When Chrysler saw the results of the Jeep hacking demonstration, they sent USB sticks that had security patches to 1.4 million car owners.
They also instituted something called the “Bug Bounty,” which awards White Hat hackers $1,500 for letting them know about possible vulnerabilities. Tesla has a similar program, and they’ve paid hackers up to $10,000 for letting them know about vulnerabilities.
How Does Your Intenet Connected Car Get Hacked
Cars can be hacked in a variety of ways, including:
Bypass the Key Fob
Hackers can access a vehicle using keyless entry remotes, by making the car think the key fob is nearby. This would allow the hacker to unlock the car and activate the start button without the keys.
Professionals advise storing your keys in a bag designed to block radio frequencies to avoid this risk. Another way to protect against this is to install a steering lock device on your vehicle.
Break the Hotspot
Hackers can access a vehicle’s entertainment system, and updating your software system can help prevent this. If a car has a hotspot, as is the case with most entertainment systems, all a hacker would need is the IP address to access it and control the car’s computer systems.
3rd Party App Vulnerabilities
If you use third-party apps that are linked to your vehicle, hackers can break into your car’s systems. To prevent this, only use apps that have the security of two-factor authentication. Be careful when you’re downloading apps, too, because sometimes apps can be a source of a phishing attack.
Cars built after 1996 in the U.S. have something called the on-board diagnostics system. It monitors different data and can be used to figure out what happened right before a crash.
There’s a device called a dongle that has to be plugged into the OBD port, and that can send information about driving habits to a mobile device.
When the dongle is plugged in, hackers can connect to it through Wi-Fi or Bluetooth and then hack other systems of the car. You can protect yourself against this threat by using an OBD lock, which is pretty inexpensive and easy to use.
USB ports can be infected with a virus or malware, so if you plug them into your car, this could pose a problem. Don’t plug any unknown USB drives into your car to prevent this threat.
How to Prevent the Car Hacking
Other things to keep in mind to protect against this cybersecurity threat include:
- Turn off the Wi-Fi or Bluetooth when you’re not using it
- Scan any USB drives before you plug them into your car
- Provide your contact information to the manufacturer of your car so they can get in touch with you if there are security issues or updates they become aware of. You can also visit the National Highway Traffic Safety Administration’s recall page and type in your VIN to see if there are any current recalls for your vehicle type.
If you suspect an issue with your car, you should contact your local FBI office. It’s unknown whether car hacking will grow in severity and likelihood, but if it follows the path of many other cybersecurity risks, it could continue to become more problematic over time.
Recently A new Car Hacking Tool called PASTA developed by Toyota to test the security vulnerabilities.