Tech updates increasing vulnerability
When my old car finally quit, the only “special” thing I wanted in my new-to-me car was a CD player. Technology has come a long way in the past ten years, but I still have the car with the CD player. However, I also use a FM transmitter to play my iPhone through the speakers. Newer cars come with a whole host of features aimed at keeping us safer and simplifying our lives through Bluetooth, Wi-Fi, and more, but do the vulnerabilities and risks of these features, outweigh the rewards?
The FBI weighs in
The FBI along with the National Highway Traffic Safety Administration, have issued a safety bulletin addressing concerns that vehicles are being targeted more and more by hackers. While the latest issues of this have been resolved, they do want to make consumers and manufacturers aware of the potential problems. They stated in the bulletin: “The FBI and NHTSA are warning the general public and manufacturers of vehicles, vehicle components, and aftermarket devices to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”
Where are the vulnerabilities?
You may have heard about one of the more recent issues concerning the testing of the radio module. In August of 2015, a study [PDF] was published regarding researchers testing, targeting, and exploiting this particular device through attacking the vehicle through Wi-Fi and cellular connections. The radio module contained multiple wireless communication and entertainment functions and was connected to two controller area network (CAN) buses in the vehicle. Through their testing, researchers were able to shutdown the engine, disable the brakes and steering, trigger the door locks and turn signals, manipulate the tachometer, radio, HVAC, and GPS.
Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port. In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle. Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems.
Worried? Here’s 5 ways to minimize the chances of being hacked
1. Ensure your vehicle software is up to date: If your manufacturer issues a notification to update, it’s important that you do, but, verify that the update is genuine. Verify any recall or update notices by visiting your car’s manufacturer website. Clicking through emailed links presents the opportunity for hackers to send malicious links. Also, be wary of receiving USB and SD cards via the mail. Hackers could use this method to introduce malicious software into your car. Instead, check on your vehicle’s manufacturer’s website to identify the latest software updates. Use your own USB or SD card where necessary to download and transfer information. You can always check with your dealer or manufacturer before updating.
2. Be careful when making any modifications to vehicle software: Unauthorized updates could create increased vulnerabilities and change the way your car works.
3. Maintain awareness and exercise discretion when connecting third-party devices to your vehicle: Most modern vehicles have a standardized diagnostic port (OBD-II), which provides connectivity to the in-vehicle communication. Keeping these third-party devices secure is critical as a hacker may target them remotely as a way into your other systems. Do not connect any unknown or untrusted devices to the OBD-II port.
4. Be aware of who has physical access to the vehicle: Treat your vehicle the same way you do an unlocked smartphone, or computer: you don’t let people you don’t know touch it. Be cautious of who you leave your vehicle with; it only takes a few moments to upload hacking software.
Improving cyber security
While there are risks with using any technology, you want to be especially mindful of your automotive technology. The last thing anyone wants is to lose control of your vehicle. While the chances of this are minimal, you can decrease them even further by being actively aware of whom you leave your car with, your surroundings, and your technology system.
The rewards of technology outweigh the risks, especially when you consider the increased safety benefits of advanced technology; however, there is always a chance someone will turn this technology to their advantage. The NHTSA is actively working on initiatives to improve cyber security in vehicles.
To increase your security, please, follow the FBI’s tips above, or you can reach out to local law enforcement and the FBI with questions and concerns via the Internet Crime Complaint Center, or file a complaint with them.