How To Protect Your Car From Being Hacked
With tens of millions of computerized cars on the road today and an estimated quarter billion expected to be manufactured by 2020, the maintenance of your vehicle may soon hinge more on a software update than just a simple pop of the hood. While connected transportation offers motorists a range of conveniences and benefits, the growing reliance on online functionality may soon potentially open drivers up to new dangers.
In recent years, security and automotive experts have expressed increasing concerns about the threat of remote control tampering of vehicles by would-be hackers and car thieves. What vulnerabilities are hackers exploiting to gain access to these vehicles? How susceptible is your car to manipulation? And how can you protect yourself from the risks of tech-savvy tampering? In this post, we’ll talk about how car hacking is done, how manufacturers work to prevent potential exploits, and whether car hacking poses a tangible security threat to your vehicle.
What is Car Hacking?
Car hacking may sound like a crazy idea, something one might sooner see on a network television drama or major motion picture than in reality, but the effects of unauthorized trespassing and theft can be devastatingly real for anyone and everyone whose vehicle relies on technology. How is this even possible? The answer is simple: the Internet of Things.
To put it simply, the Internet of Things (IoT) is shorthand for the act of connecting any electronic device to the Internet and/or to each other. This include smartphones, refrigerators, wristwatches, toaster ovens and yes, even automobiles. While the notion of a computerized car may initially sound far-fetched, the reality is that nearly every car manufactured since 2006 incorporates some form of basic computer functionality. From dashboard-enabled GPS and satellite radio, to blind-spot warning signals and braking systems: your vehicle is just one big computer system with wheels and a motor.
This system is called a Controller Area Network, or CAN, designed to allow devices within the vehicle to communicate with each other without a host computer. But with any first generation technology comes inevitable glitches, design oversights, and usability exploits, as any early adopting tech enthusiast will tell you. With network security being the farthest thing from the minds of the engineers who initially designed these systems, it remains a possibility that hackers have the potential to access these vehicle systems remotely and bend them to their whim.
How is Car Hacking Done?
Back in 2013, security analysts Charlie Miller and Chris Valasek were awarded an $80,000 grant by DARPA to root out possible vulnerabilities in onboard automobile computers. What they found was alarming, though not unexpected. By dismantling and connecting their laptops directly into the onboard diagnostic port of a dashboard, the pair were able to successfully control the motor functions of a 2010 Ford Escape and a 2010 Toyota Prius from their backseats. Two years later, the pair were again successful in hacking a vehicle, this time remotely manipulating a 2014 Jeep Cherokee while mid-transit from the comfort of their couch, interacting with the Jeep’s electronic dashboard and choking the ignition while mid-transit on the highway.
Though these were controlled experiments, the message was clear: In the rush to heap lavish wi-fi functionality and amenities, several security loopholes were discovered across a suite of recent and upcoming models. With their wi-fi enabled Tesla models are particularly susceptible to these exploits, with Norwegian security firm Promon Technologies demonstrating the ability for hackers to steal vehicles via the use of malicious spyware apps. There are other means of accessing vehicles besides malware, like cloned RFID cards.
Here’s how they work: Key Fobs, which are used in vehicles with remote entry-locked security systems, use short range radio-frequency identification (RFID) chips to signals in order to unlock or initiate engine ignition. The car also has a chip to generate the same signal. If the two match up, then the car opens. Potential car thieves are known for using modified RFID emitters built with easily accessible components to clone RFID signals to access and steal vehicles, such as in the case last August when two car thieves who were arrested for allegedly stealing over 100 vehicles across the Houston, Texas area.
For more information on the topic, Argus Cyber Security offers an exhaustive breakdown behind the history and potential threats posed by car hacking vulnerabilities.
How Concerned Should You Be?
While all of this is interesting, we know what the biggest question on your mind is."How exactly does any of this affect me?” Should you be worried about your potential of being car hacked? What kinds of precautions can you take to be prevent this? When it comes to car hacking, it can be difficult to tell technophobic hyperbole apart from honest threat. As David Pogue of Scientific American so succinctly argues, no hacker has ever truly taken remote control of a stranger's car.
While Miller and Valasek did prove successful, it’s important to note that the vehicles that they tested their methods on were owned by them and no-one else, with months of research and reverse-engineering poured into every model. In short, it’s simply not possible for a complete stranger to hardwire their way into controlling your vehicle’s dashboard without you knowing. Likewise, when news of Miller and Valasek’s wi-fi security exploit was made public, car manufacturers issued recalls of several vehicle lines susceptible to the hack, most notably Fiat Chrysler with their recall of 1.4 million cars in 2015. If you’re interested in learning more about the models that were affected, Miller and Valesek released an 92-page paper documenting their process when they presented their findings at the annual hacker convention "DEF_CON" in 2014, although many if not all of the exploits listed within have been patched since its publication.
Even though the likelihood of having your car electronically hijacked is next to nil, the threat of your car being stolen still demands serious precautions. There are solutions to this, such as purchasing a protective pouch that will insulate your key fob’s transmission when not in use. If you’re not willing to go the extent of leaving your key fob in the freezer or wrapping it in tin-foil, nothing quite beats simply being cautious and aware of your surrounding when remote locking or unlocking your vehicle. If you’re looking for more ways to guard your vehicle against unlawful tampering or theft, the Federal Bureau of Investigation has released a public-service announcement detailing many of the risks associated with car hacking and some common-sense advice of how to prevent yourself from being susceptible to such attacks. Such points of advice include keeping your vehicle’s software up-to-date, be cautious of any connecting any third-party devices to your vehicle, and being wary of anyone who has had physical access to your vehicle (which you should be doing anyway).
All these precautions and more will go a long way to ensuring that your car is as hack-proof as possible!