The world as we know it is changing every day. Over the past 5 years passenger vehicles have experienced a massive increase in connectivity and the trend will only continue to grow with the expansion of the Internet of Things (IoT) and increasing consumer demand for all-connectivity. Cars have practically turned into giant smartphones on wheels surfing the roads of big cities. As a result, unfortunately, this opens a lot of possibilities for hackers, allowing them to gain access to critical systems remotely using wireless connections. So, if you ask yourself whether your car can be hacked and stopped while driving 100 km per hour, the answer is – YES! Looking back at the famous Jeep Cherokee hacking incident in 2015, it has brought massive attention from the press, the governments and consumers who were appalled by the incident. This has made car manufactures take security seriously.
So, what are the vulnerabilities that can be exploited to hack a car?
Let’s have a look at some surprising example weak points, which hackers can use to get access to your car.
Weak points, which hackers can use to get access to your car
- Disabling brakes. You may think that you are in control of the brakes because you are physically there, in the car. Actually, it’s microprocessors in your onboard computer that send the signal and make your brakes work. Imagine hackers gaining access to your car’s onboard computer; they can manipulate the brakes and even stop the car. This can cause tragic and even fatal consequences when driving on a highway or crowded roads. In 2010 a couple of security researchers showed that they could hack a Chrysler Jeep to hijack it’s brakes and transmission. Just within a few days Chrysler recalled over 1.4 million vehicles.
- Tire pressure monitoring system. Tire pressure monitoring systems tell drivers when their vehicle’s tires are too low or too high on pressure, offering helpful early warnings to get service. But when attacked, hackers can trigger warning lights and remotely track vehicles through the monitoring system.
- Manipulating vehicle’s diagnostics. Repair shops and dealerships today largely rely on onboard vehicle diagnostics systems to perform the initial diagnosis of problems. Unfortunately, unscrupulous shops can manipulate your diagnostics system to make it appear that you need them to perform unnecessary repairs. That’s why it is important to use reputable trustworthy shops to avoid being tricked into unnecessary spending. In 2010 and angry employee hacked and disabled over 100 cars in Texas as a revenge to his employer.
- Radio and GPS destination. Having access to your car system, hackers can manipulate your radio by switching it on/off, changing songs and radio stations. It can be quite scary. Or simply changing your GPS destination. It can sound like a naughty trick, but this can have serious consequences. One recent hack used a drone to access a Tesla infotainment system, from which access to the entire car could be achieved.
- Air conditioning and heat control. Imagine driving on a cold winter day and suddenly being blasted by cold air with no ability to stop it. Not a very nice feeling at all, don’t you think? While this may seem less harmful, it may distract you while driving thus causing an accident.
- MP3 malware. The music you listen to in car stereo can actually hack your vehicle. No kidding! Downloaded music with malware can get into your car’s infotainment system and make their way into other systems, including those that control your engine or brakes. So be aware of the consequences when downloading something from unknown sources.
- Extended key fob range. Nowadays key fob unlock your vehicle when a person holding them is standing close by. Nevertheless, car thieves can extend the key fob with radio repeaters and unlock your car doors when you are up to 30 feet away. Another well-known hack allows a Tesla Model X to be stolen with a simple Bluetooth arrangement. A piece of cake!
- Smartphone access. Smartphones connected to your car can be at risk, should hackers get into your vehicle’s system and find your connected mobile phone. In this case, they may gain access to your credit card information, passwords and financial data. Actually, the situation with smartphones can have a dual meaning. As smartphones can open doors for hacking your vehicle, as well as your hacked vehicle can lead to stealing sensitive data from your connected phone.
- Critical Driving Functions. Control over steering wheel, digital readout for speed and fuel consumption, honk the horn… These are some extra vulnerabilities open for hackers.
As vehicles become more integrated to the IoT, the demand for security is growing. Security should be considered during development and not after the fact. Security architects and researchers should be involved to implement security measures. And automotive companies should understand that if applications for their cars can be exploited by hackers, this will have a negative impact and loss of reputation.
80% of cyber-attacks happen at the application layer. Meanwhile, 90% of the IT security budget is spent on solving other security issues. Which leaves only 10% of the budget on application security which contributes to 80% of the attacks. This needs to change!