The world as we know it is changing every day. Over the past five years passenger vehicles have experienced a massive increase in connectivity, and the trend will only continue to grow with the expansion of the Internet of Things (IoT) and increasing consumer demand for all-connectivity. Cars have practically turned into giant smartphones on wheels surfing the roads of big cities. As a result, unfortunately, this opens a lot of possibilities for hackers, allowing them to gain access to critical systems remotely using wireless connections. So, if you ask yourself whether your car can be hacked and stopped while driving 100 km per hour, the answer is – YES! Looking back at the famous Jeep Cherokee hacking incident in 2015, it has brought massive attention from the press, the governments and consumers who were appalled by the incident. This has made car manufactures take security seriously.
So, what are the vulnerabilities that criminals can exploit to hack a car?
Let’s have a look at some surprising example weak points that hackers can use to get access to your car.
Security weak points
- Disabling brakes. You may think that you are in control of the brakes because you are physically in the car. Actually, it’s microprocessors in your onboard computer that send the signal that make your brakes work. Imagine hackers gaining access to your car’s onboard computer; they can manipulate the brakes and even stop the car. Moreover, this can cause tragic and even fatal consequences when driving on a highway or crowded road. For example, in 2010 a couple of security researchers showed that they could hack a Chrysler Jeep to hijack its brakes and transmission. Within just a few days Chrysler recalled over 1.4 million vehicles.
- Tire pressure monitoring system. Tire pressure monitoring systems tell drivers when their vehicle’s tires pressure is too low or too high, offering helpful early warnings to get service. But when attacked, hackers can trigger warning lights and remotely track vehicles through the monitoring system.
- Manipulating vehicle diagnostics. Repair shops and dealerships today largely rely on onboard vehicle diagnostics systems to perform the initial diagnosis of problems. Unfortunately, unscrupulous shops can manipulate your diagnostics system to make it appear that you need them to perform unnecessary repairs. That’s why it is important to use reputable trustworthy shops to avoid being tricked into unnecessary spending. In 2010 an angry employee hacked and disabled over 100 cars in Texas as revenge on his employer.
- Radio and GPS destination. Having access to your car system, hackers can manipulate your radio by switching it on/off, changing songs and radio stations. It can be quite scary. Or simply changing your GPS destination. It can sound like a naughty trick, but this can have serious consequences. For instance, one recent hack used a drone to access a Tesla infotainment system, from which they achieved access to the entire car.
- Air conditioning and heat control. Imagine driving on a cold winter day and suddenly being blasted by cold air with no ability to stop it. Not a very nice feeling at all, don’t you think? While this may seem less harmful, it may distract you while driving, thus causing an accident.
- MP3 malware. The music you listen to in your car stereo can actually hack your vehicle. No kidding! Downloaded music with malware can get into your car’s infotainment system and make its way into other systems, including those that control your engine or brakes. So be aware of the consequences when downloading something from unknown sources.
- Extended key fob range. Nowadays key fobs unlock vehicles when a person holding a fob is standing close to the vehicle. Nevertheless, car thieves can extend the key fob range with radio repeaters and unlock your car door when you are up to 30 feet away. Another well-known hack allows a Tesla Model X to be stolen with a simple Bluetooth arrangement. A piece of cake!
- Smartphone access. Smartphones connected to your car can be at risk, should hackers get into your vehicle’s system and find your connected mobile phone. In this case, they may gain access to your credit card information, passwords and financial data. Actually, the situation with smartphones can have a dual meaning. As smartphones can open doors for hacking your vehicle, as well as your hacked vehicle can lead to stealing sensitive data from your connected phone.
- Critical driving functions. Extra vulnerabilities open for hackers include control over the steering wheel, digital readouts for speed and fuel consumption, and the horn.
To sum up, as vehicles become more integrated into the IoT, the demand for security is growing. Security should be considered during development and not after the fact. Security architects and researchers should be involved to implement security measures. And automotive companies should understand that if applications for their cars can be exploited by hackers, this will have a negative impact and loss of reputation.
80% of cyberattacks happen at the application layer. Meanwhile, 90% of the IT security budget is spent on solving other security issues. Which leaves only 10% of the budget on application security contributing to 80% of the attacks. This needs to change!
Anastasiya Sasnakevich is a digital marketing specialist with over 5 years’ of international experience. Having worked in different fields, Anastasiya found herself in automotive semiconductor industry where she has been working for almost 2 years. She holds Master Degree in International Business and Economics from BFSU, Beijing, and an MBA in Digital Marketing and Business from EFAP, Paris.