Pinterest Stumbleupon Whatsapp
Ads by Google

One of the greatest risks to the owners of smart cars is that of cyber criminals: hackers working hard to discover vulnerabilities in the latest cars so that they can hijack, ransom, steal, and perhaps even use as weapons.

Reading press reports would lead you to think that the only cars that hackers can pull off an impressive piece of over-the-air hijacking on are the latest smart cars — internet-connected automobiles — that you’d have to break the bank to afford.

But the truth is that virtually any modern car can be subverted by cyber criminals as long as there is a microprocessor that can be accessed or interfered with remotely. Find this hard to believe? Read on!

1. Bluetooth and Internet Vulnerabilities

Modern smart cars come with Bluetooth built in, at the very least to give you the convenience of hands-free (and therefore safer) calls while you’re driving. More commonly, this feature is used to pipe music from a phone through your car’s audio system. Similarly, mobile internet is being introduced into new cars, turning them into giant smartphones with wheels.

Both of these communication methods offer an avenue for hackers to deliver attacks. The recent story of the Jeep killed remotely on the highway with a Wired journalist in the driving seat was only possible thanks to vulnerabilities in Chrysler’s Uconnect feature, which controls entertainment, navigation, phone calls, and wireless hotspots in hundreds of thousands of vehicles.

muo-security-carhacking-jeep

Ads by Google

Worse still, the cellular connection employed by Uconnect lets anyone who knows the automobile’s IP address to gain access from anywhere in the USA. As Charlie Miller, one of the researchers responsible, observes, “From an attacker’s perspective, it’s a super nice vulnerability.”

The answer here, of course, is to disable Bluetooth (use a cable instead) and avoid cars with mobile internet — which should be fine since a quick check of the history books reveals that cars have managed fine for the past 100 or so years without being connected to a central computer.

Other connected cars have their own vulnerabilities to worry about. For instance, the Mitsubishi Outlander’s alarm can be disabled or even drain the car’s battery.

2. Radio Intercepts Remote Lock Signal

German car giant Volkswagen is not having a good time of it lately. Not only have they been found to have technologically suppressed emissions data, it seems that their cars are susceptible to a number of bugs.

But this time, it’s not new cars that are at risk from cyber attacks. Instead, we’re talking about older cars, from as far back as 1995, that are vulnerable to an attack that can be delivered using simple radio waves.

muo-security-carhacking-keys

It’s estimated by security researchers — some of whom were involved in an earlier revelation that VW’s ignition was vulnerable — that the keyless entry systems of almost 100 million cars is susceptible to an attack that remotely unlocks the car.

This is done using an Arduino board Arduino Buying Guide: Which Board Should You Get? Arduino Buying Guide: Which Board Should You Get? There are so many different kinds of Arduino boards out there, you'd be forgiven for being confused. Which should you buy for your project? Let us help, with this Arduino buying guide! Read More and some additional components (up to $40 in value; alternatively, a suitably equipped laptop can be used) to intercept the signal as it is sent by the car’s owner, unlocking the vehicle. The signal is then cloned and used to unlock the target vehicle.

The fix? Lock and unlock your 1995-2016 VW manually, not remotely! Sadly, keyless theft isn’t limited to VW. Thieves targeting vulnerabilities in electronic locks accounts for a massive 42% of car theft in London alone.

3. Zubie and the OBD-II Vulnerability

We’ve looked at OBD-II a couple of times over the years. This is a system that makes it possible to communicate with your car’s computer — the integrated, under-the-bonnet device that controls the electronics, power steering, etc.

You may have seen the technicians at your local repair shop connecting a computer of some sort to a hidden port in the front of your vehicle. This is what they’re using.

muo-windows-obdii-usb

Anyone can access this port using a cable or Bluetooth connector, and with suitable software installed on your computer (Windows software is available OBD2 & Windows: Save On Auto Repair With Diagnostic Tools OBD2 & Windows: Save On Auto Repair With Diagnostic Tools Finding a broken car's fault can be costly. Save by doing it yourself! All you need is a Windows computer, free diagnosis software, and a cable plugged into your car's OBD II connector. Read More ) or mobile device (it’s simple using Android How To Monitor Your Car's Performance With Android How To Monitor Your Car's Performance With Android Monitoring tons of information about your car is incredibly easy and cheap with your Android device -- learn about it here! Read More ), you can view some interesting fault diagnostic information as well as tune your car.

Unfortunately, however OBD-II has its weaknesses. The Zubie is the most popular way to connect to your car’s OBD-II port, and this included a vulnerability Can Hackers REALLY Take Over Your Car? Can Hackers REALLY Take Over Your Car? Read More (now closed) that enabled attackers to spoof the remote Zubie server (where car data was uploaded) and send malicious software to the Zubie, which might then have been used to disable the car or worse.

The key to safety here is to avoid plugging things into your OBD-II slot unless you’re confident that the device, and any related software, is trustworthy.

What Is the Risk to You?

As of this writing, the hacks featured here are almost all in the development stage. For hackers and automobile firmware developers, it’s like the Old West at the moment as boundaries are established and methods of intrusion are tried and tested.

For now, you’re probably safe. Thanks to security researchers, the kinds of holes that lead to these kinds of hacks can be plugged as each generation of smart car is released. It’s unlikely that the majority of the vulnerabilities listed here will be used against you.

However, by the time the self-driving car becomes commonplace, they may already be compromised How Secure Are Internet-Connected, Self Driving Cars? How Secure Are Internet-Connected, Self Driving Cars? Are self driving cars safe? Could Internet-connected automobiles be used to cause accidents, or even assassinate dissenters? Google hopes not, but a recent experiment shows there is still a long way to go. Read More  and their potential for cutting emissions Study Says Driverless Electric Cars Could Cut Emission by 90% Study Says Driverless Electric Cars Could Cut Emission by 90% Most experts agree that driverless cars will play a key role in making transportation safer. However, a new study published in Nature Climate Change suggests that self-driving cars will also provide environmental benefits. Read More suddenly becomes an unattractive option if driving becomes a lottery.

But the fact that comparatively old vehicles are at risk of such a simple radio-based hack — one that will immediately relieve you of your much-loved car — will come as a major concern to anyone using a remote lock.

But what do you think? Do you feel as though you’re at risk? Will you stop using your remote unlocking key fob on your VW? Tell us what you think in the comments.

Image Credit: SP-Photo/Shutterstock, Keys (“New Car“) by Caitlin Regan, Jeep – New Ride by Roy

  1. fcd76218
    August 24, 2016 at 5:03 pm

    And people cannot wait for self-driving cars! I bet the hackers are just licking their chops at the opportunities for mischief offered by self-driving cars.

    • 884493
      August 25, 2016 at 10:22 am

      Forget the casual hackers. How about corporate interests and governmental bodies who might decide that a mass pile-up would benefit them.

Leave a Reply

Your email address will not be published. Required fields are marked *