Connected car security goes way beyond buckling your seat belt. FBI suggests- Treat your car like a computer – connected car security sounds like a lot of work!!
Scammers are targeting Internet-Connected Cars The FBI wants us to be aware of this potential issue and to treat connected cars like other computer devices and get connected car security.
Is your car connected? Did you get connected car security? Many cars can now connect to the Internet, enabling drivers to play music, use GPS, and access roadside assistance without their phone. Unfortunately, Internet connection comes with a potential drawback. It opens up your car to the risk of hacking. How the Scam Works:
You use the dashboard of your connected car to get GPS directions, connect through apps or stream music. But one recent study found that scammers can take advantage of security holes in the Wi-Fi connection to gain access to the car’s computer. Once they get in, hackers can steal data or even take control of your vehicle.
Connected car hacking is more of a possibility than an existing issue. But as more people purchase connected cars, hackers are bound to find ways to use them for scams. This just happened with smartphones a few years ago, so the FBI wants consumers to be aware of the potential problem and to treat connected cars like other computer devices.
What are some of the ways an attacker can access vehicle networks and driver data?
Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port. In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle. Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems.
Example: Recently Demonstrated Remote Exploits
Over the past year, researchers identified a number of vulnerabilities in the radio module of a MY2014 passenger vehicle and reported its detailed findings in a whitepaper published in August 2015 (here).
The vehicle studied was unaltered and purchased directly from a dealer. In this study, which was conducted over a period of several months, researchers developed exploits targeting the active cellular wireless and optionally user-enabled Wi-Fi hotspot communication functions. Attacks on the vehicle that were conducted over Wi-Fi were limited to a distance of less than about 100 feet from the vehicle. However, an attacker making a cellular connection to the vehicle’s cellular carrier – from anywhere on the carrier’s nationwide network – could communicate with and perform exploits on the vehicle via an Internet Protocol (IP) address.
Here, the radio module contained multiple wireless communication and entertainment functions and was connected to two controller area network (CAN) buses in the vehicle. Following are some of the vehicle function manipulations that researchers were able to accomplish.
In a target vehicle, at low speeds (5-10 mph):
- Engine shutdown
- Disable brakes
- In a target vehicle, at any speed:
- Door locks
- Turn signal
- Radio, HVAC, GPS
Tips for Connected Car Security
Treat your car like a computer. Your connected car is a computer, so use the same common sense you would for keeping your laptop safe. Be especially cautious when allowing third-party devices to access your car’s computer for reasons other than vehicle diagnostics and maintenance.
Respect recalls. If you receive a recall notice for an issue related to your car’s computer system, treat it as seriously as you would a safety recall and get it taken care of right away. The notification will tell you how to get the problem fixed. Cyber recalls are regulated by the National Highway Traffic Safety Administration. Keep your vehicle’s software up-to-date. Manufacturers will do their best to patch security holes. System updates are annoying but vital for protecting your device. Always make sure you have the latest updates, “bug fixes,” and security patches, but only download those officially provided by the manufacturer.
Lock your car. Just as you password-protect your smartphone and laptop, be sure to lock your car and know who has access to it. If you suspect your connected car has been hacked… Contact the vehicle manufacturer or dealer.