It may sound like something out of a science fiction movie, but it’s a script that quickly becomes a reality. Cybercriminals are finding ways to circumvent the protection of your car security and infiltrate your vehicles.
However, this is not surprising, because modern cars are essentially computers on wheels. They are loaded with integrated electronic control units (ECUs) that monitor and control the main functions of the vehicle, including navigation, steering, brakes, entertainment and the engine itself.
So how can hackers control your car? And how do you protect your car from these criminals?
Automotive cybersecurity and the landscape of threats
Automotive cybersecurity is a branch of computer security focused on the risks associated with vehicles. The National Road Safety Administration defines it as:
Cybersecurity in the context of road vehicles is the protection of automotive electronic systems, communication networks, control algorithms, software, users and basic data from malicious attacks, damage, unauthorized access or manipulation.
As cars become more connected, they also become susceptible to cyberattacks. Although some significant car security incident is yet to occur, the potential danger is appalling.
According to storage from Upstream.auto, there were about 150 incidents in 2019. This number may seem insignificant on the surface; however, this represents a 99% increase in cybersecurity incidents in the automotive sector in the last year. Since 2016, the industry has achieved 94% growth in hacks.
It’s not just your data that’s at stake here. Hackers can take control of your vehicle and make it obey them instead of the driver. They can use commands to activate or deactivate various car functions, which can be fatal for passengers.
Want to see a demo? Watch this 2020 video in which cybersecurity researchers break into a Jeep Cherokee without physically accessing the vehicle. They could access Jeep’s entertainment system, mess with brakes, steering and transmission while a WIRED senior writer drove it on the highway.
So the threat is real. And as more connected cars hit the roads, the risk of such attacks will only increase.
How can cybercriminals break into your car?
Here are some of the ways cybercriminals access car systems and make driving dangerous for you.
1. Remote login without key
Key attack is the most common form of car hacking. This represents 93% of theft attacks in 2020, according to Upstream.auto, which shows an increase of 27% over the five-year period.
Nowadays, most cars have a keyless remote system that allows you to lock or unlock the car, start its engine and control the car’s windows and alarm system.
The communication key communicates with the car in a range of five to 20 meters. It transmits encrypted RF signals that are decrypted by the electronic control unit (ECU) and combined with stored data for successful authentication.
Cybercriminals can clone the encrypted radio signal and unlock the car with a fake key. Here are some ways hackers can use keyless entry systems and infiltrate a vehicle:
Using DoS attacks to deactivate the keychain and learn the data sequence.
Cloning the transmitted frequency using software-defined radio (SDR) devices.
Using Remote Code Execution (RCE), a form of cyberattack in which a malicious actor executes arbitrary commands to access a vehicle from a remote server.
2. Access to a smartphone
By hacking into your connected car, hackers can potentially gain access to the devices you have paired with the car.
Any information you upload to your system, including passwords, driving patterns, financial data, and credit card information, may be at risk from hacking.
Hackers can also use related car apps to access personal information about the car owner. There are several incidents in which car rental companies gain unrestricted access to personal information (PII) of their customers. Leaks of this type can become a major security risk.
3. Hacking your USB port
Cyberattacks via USB data ports and other car interfaces are known risks in cars. Various studies show that modern vehicles can be compromised via USB ports and other inputs, including the infotainment system.
Most of these attacks are usually carried out using social engineering tricks, in which the hacker finds a way to access the car’s system with a malicious USB device. Once inside, hackers can install malware and use resources paired with the car.
This includes hacking into the driver’s phone to access personal information such as bank authentication pins, messages, photos and more.
Hackers can use USB ports to interfere with the car’s firmware and make driving difficult or dangerous for you. Therefore, we recommend you use a USB adapter to charge hackers against data instead of a regular data cable.
With the development of car electronic systems, they begin to require the same level of protection as your smartphone, computer and servers. Advanced telematics navigation and tracking systems, now available as standard on vehicles, make connected cars attractive targets for hackers, terrorists and nation states.
Basic functions such as weather warnings and GPS location are updated via the car’s telematics. Any compromise of the system can lead to false weather information and incorrect navigation, exposing the car and passengers to significant risk.
How to protect yourself from cyber attacks on cars
The risks to your car, personal data and even life are terrible, but there are many things you can do to minimize these risks. Here are some steps you can take to strengthen your defenses.
Keep your systems up to date
Car manufacturers regularly send important fixes and updates to sort out vulnerabilities in the system. It is always a good idea to enable automatic updates to make sure all software and internal systems are up to date.
Be careful with third-party software
Installing third-party applications and software can create vulnerabilities and put your vehicle at risk. Make sure you have installed applications and tools approved by the car manufacturer.
You should only allow access to people you trust. Try to hide your car’s Wi-Fi code so people can’t find your network in public.
It’s also a good idea to turn off Wi-Fi and Bluetooth on your car when not in use.
Blocking unauthorized communication
Many cyberattacks begin with actors sending malicious codes and data packets to the target vehicle. You can avoid these attacks by installing a built-in firewall that can block unauthorized communication with the car’s on-board computers.
An effective firewall will filter the V2V (vehicle to vehicle) and V2X (vehicle to all) communications and allow only authorized persons to communicate with the vehicle.
Think about cybersecurity when buying your next car
Car hacking has become a reality in the new world of connected vehicles. As a consumer, you should no longer buy a car solely on the basis of mileage, acceleration, torque and top speed.
Always consider the safety aspect of the car before you buy it. If the vehicle has access control functions, make sure you have set strict controls. Set strong passwords and never share them with anyone.
With due diligence, you can avoid cyberattacks and keep malicious actors.
One million cars are stolen in the United States every year. Here are some common tactics you need to be aware of to be sure.
About the author