It’s not hard to see that cars are getting smarter as automakers compete to entice car buyers, but with the improvement of technology has come a big, modern day problem: car hacking. It’s reported that by 2022, 125 million cars will be connected to the internet. That forecast comes with new, sneakier ways to hack into vehicle systems, ultimately taking control remotely.
More than ever, car owners need to be proactive about their car’s cybersecurity. In this piece, we dive into how cars are being compromised and how you can avoid being hacked.
The first (and only) cybersecurity-related vehicle recall
In 2015, 1.4 million vehicles were affected by the first and only cybersecurity-related recall issued by Fiat Chrysler. Two security researchers, Charlie Miller and Charlie Valasek, took control of a Jeep Cherokee through its internet enabled entertainment system. Their discovery allowed them to control the vehicle remotely, gaining control of all mechanical aspects of the vehicle including the radio, air conditioning, engine, brakes and steering.
FIat Chrysler quickly issued a recall, but more importantly, this event was a warning to auto makers about new security concerns as cars continue to become more technologically advanced.
As a result of the recall, two senators introduced legislation, which is directed at the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish standards to ensure cybersecurity in cars. The bill establishes a rating system that informs consumers how well their vehicle protects their privacy and requires the disclosure of information related to cyber attacks.
How are cars hacked?
There are several cybersecurity threats to vehicles due to the introduction of high-tech computer systems in modern cars. Car hackers have made it easier to break into and take control of cars at a distance, which adds a layer of concern about privacy and safety for car owners.
Here are a few examples of ways hackers are surpassing cybersecurity walls to gain control over vehicles and how you can avoid being compromised.
Turning engines off
A hacker that goes by the name of L&M has cracked the code on how to turn off engines that are traveling under the speed of 12 MPH. The hacker discovered this through realizing that thousands of iTrack and ProTrack account users were using the default password for their GPS tracking software.
By guessing millions of usernames with the hopes that they’ll eventually guess correctly, the hacker instantly gained access to 27,000 accounts respectively.
How do you avoid the same thing happening to you? Always remember to use a secure password on your GPS tracking software.
Tracking your every move
In the same hack made by L&M, the hacker was able to track cars as they drove. This means that theoretically, the hacker could purposefully cause thousands of accidents around the world by tracking vehicles and turning their engine off at dangerous moments while driving.
This is a warning to all car owners to not only password protect your GPS tracking software, but to double check all location tracking third-party apps installed in your car’s computer system that could compromise your security. Therefore, when you purchase or lease a new car, make sure to change the password on everything.
Gaining entry into your vehicle
Even if you’re someone who routinely locks their car or has an automatic locking feature, that doesn’t mean that your car is protected against a burglary or car hack. Keyless car theft is becoming a big problem for communities worldwide.
More and more thieves are turning to cars with keyless entry to hack their way into vehicles. German researchers released a study revealing the method, which they tag the “amplification attack.” Their report revealed how thieves can gain access and even start vehicles who have their key fob in range to the car by amplifying the signal via relatively inexpensive radio devices.
This means that if your keys are located in your house and your car in the driveway, thieves can connect the two remotely and break into your car in a matter of seconds.
A highly recommended way to protect yourself against burglars from gaining access to your car is by either storing your keyless remote in the refrigerator or in a faraday bag (a bag that blocks signal from RF devices).
Controlling your car’s computer system
It’s no question that car computer systems are getting smarter with everything from voice-controlled activations and endless entertainment function, to self-parking and driving-assistance capabilities.
As car computer systems advance, hackers are figuring out more ways to gain control over vehicles remotely. These are a few hacking methods that are seen time and time again.
- WiFi network: Hackers can access your car through WiFi networks that either open or have the factory-set WiFi password.
- USB drive: USB drives, which are often used by drivers for entertainment purposes, can contain malicious code that attackers add prior to purchase, which is designed to gain access to vehicle computer systems.
- Car apps: Hackers can access cars by sending a request to a cloud service that’s connected to your car’s linked smartphone apps.
There are a few ways that can keep you safe from getting hacked through your entertainment systems. First, consider what kind of system a car has before you purchase or lease it. Next, always keep your software updated and scan all USB drives before using them in your car.
Accessing your diagnostics system
All cars and light trucks built and sold in the U.S. since 1996 are required to have an on-board diagnostics system, or OBD-II, which provides engine control and can diagnose engine problems. Over the years, OBD-II systems have become more sophisticated providing more control over the car, ultimately giving hackers who gain access to vehicles more control.
For mechanics to read the car’s diagnostics system, they plug in a device called a dongle. Hackers can access your diagnostics system by connecting to the dongle remotely through Bluetooth or WiFi, which provides them with a channel into your system.
To avoid having your diagnostics system compromised, install a OBD lock and research the safety features of the dongle before plugging it into your car.
How to prevent your car from being hacked?
Even if you keep tabs on recent car hacking trends and protect yourself against them, there are constantly new tactics that hackers are coming up with to not only gain access to your vehicle, but control it. To protect your car from being hacked and protect your safety, follow these four tips:
- Keep tabs on recalls from your car manufacturer
- Always update your car’s software
- Turn off your car’s WiFi and Bluetooth when you’re not using it
- Create a secure WiFi password for your car
What to do if you suspect that your car is being hacked?
If you have the suspicion that your car is being hacked, you’re vulnerable to having your safety compromised. Follow these five tips of you’re under the suspicion that your car is being hacked.
- Check for recalls by entering your car’s vehicle identification number (VIN) number through the NHTSA.
- Check for software updates by asking your technician or looking into the settings of your car’s computer system.
- Contact your auto manufacturer or dealer to notify them of your suspicion.
- File a vehicle safety complaint with the NHTSA.
- File a complaint with the Federal Bureau of Investigation Internet Crime Complaint Center (IC3).
Now that you’re aware of the ways your car could be vulnerable to a hack, check out our visual to learn more about each hack with prevention tactics.