Connected Cars: Going From Revolutionary to Risky

Tuesday, October 17, 2017 by Shira Caldie

From Apple CarPlay to Android Auto, parking assistance, internet connectivity, streaming media and traffic guidance, automotive technology continues to advance and serve as a computer on wheels for consumers.  However, along with these exciting features comes the need to protect from cyber security risks.  Adding cars to the Internet of Things will prove to be difficult and make vehicles a larger and more attractive target for cybercrime.  How do criminals gain access to cars?

How Criminals Hack into Cars

Criminals are able to spy on moving cars simply by driving near them and attaching to the car’s Bluetooth network.  Electronics even control the engine, transmission, chassis (brakes and traction), safety systems (airbags), diagnostics, navigation, climate and communication and entertainment systems.

Hacked Jeep

In 2015, Charlie Miller, a security researcher at Twitter and Chris Valasek, director of Vehicle Security Research at IOActive, conducted a test when they remotely hacked into a Jeep Cherokee that was being driven by Andy Greenberg, author at technology magazine, Wired.  Greenberg was driving 70 mph near downtown St. Louis when the test hack took place.  The vents in the car started pushing out cold air at the highest setting, the radio switched to a local hip hop station and the windshield wipers turned on.  All was done by Miller and Valasek.  The test demonstrates how easy it is for hackers to gain access and manipulate a moving vehicle

Efforts to Protect Cars

Car makers like Tesla and BMW have developed programs that instantly upgrade software in order to stay ahead of hackers, similar to how personal computer manufacturers operate.  Tesla and General Motors have appointed cyber security officers to implement safeguarding the systems.  Several companies are also investing more into testing.  However, despite efforts to protect connected cars, they will truly never be completely safe from hacking.  As with any other Internet of Things (IoT) device, as security becomes better, hackers become smarter.

What You Can Do Right Now

Consumer Reports advises drivers to do the following to protect their vehicles from potential hacking:

  • Do not plug any unknown or unscreened devices into your car’s USB or OBD-II diagnostic port. This includes thumb drives used to store music.  These connections could introduce malware.
  • Make sure to use a mechanic you trust. Your car’s diagnostic connection is a “vector”, meaning malware could be installed and could allow a gateway for a remote hack.
  • If you feel that your car has been compromised, contact your dealership.