With modern cars becoming more connected, with smarter features, hacking is a real danger. It’s rare, but it’s already happening. We’re not in the “stop your engine” world yet, but it’s easy to break into a car with keyless entry and steal everything inside without the owner ever knowing the car was unlocked.
Here’s the bad news: Breaking into your car is only one issue, and keyless entry is not the only vulnerability. But here’s the good news too: You’re not really in personal danger. Yet, anyway. Today’s issues involve theft and break-ins thanks to vulnerabilities in those “smart” and connected systems. That doesn’t mean the future doesn’t hold concerns, though.
Last year, Wired writer Andy Greenberg played crash-test dummy for a pair of security researchers who took over the Jeep he was driving from 16km away:
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
What You Can Do to Protect Yourself (and Your Car)
Even if you have a fancy, connected, app-enabled and keyless-entry vehicle, you’re not entirely powerless against these kinds of attacks. Educating yourself is the first step. Mercury Insurance has a guide to help you find out how vulnerable your make and model of car is, and you can use that information to help protect your investment.
Protect your Fob
The most common issue today with smart, connected cars is keyless-entry break-ins. To prevent theft, experts advise keyless-entry car owners to put fobs in a freezer or microwave (appliances with steel construction that acts like a Faraday cage), wrap them in aluminium foil, put them in a steel box or buy an RFID key fob protector.
Of the available options, an RFID key fob protector is probably the best one that’s not also kind of ridiculous. Extreme temperatures can damage batteries, and you really don’t want to forget your fob is in the microwave when you want a cup of tea at 3AM. You’ll find plenty of RIFD pouches made for the purpose on the market; it’s the same basic technology used to protect your credit card information or passport from identity theft.
Remove your OBD II Dongle
OBD (short for On-Board Diagnostics) II Dongles are devices provided by some insurance companies to monitor your driving habits, and in many cases, offer you safe driving discounts if you’re overall a safe driver. They connect to your car through a port on the underside of the steering column (the same port auto mechanics use to diagnose problems with your car, like why your check engine light came on) and upload that information to your phone (and to your provider) via Bluetooth. Having a dongle might help you save money, but it also presents an additional point of access. When it’s not in use, unplug it.
Resist Phishing Attacks and Hone Your BS Skills
If you can open and start your car with your phone, so can other people. Researchers in Norway recently demonstrated a phishing technique they could use to steal all the information needed to drive away in your car using nothing but a mobile phone and a phoney offer over public Wi-Fi.
Phishing scams can be very convincing. In this case, the researchers pushed an offer for a free burger at a nearby restaurant in exchange for downloading an app to the victim’s smartphone, then used the smartphone to access the car.
Other common phishing scams include emails that appear to come from your bank or credit card company or offers that entice you to click on a malicious site. Learn to recognise and avoid attempts to steal your passwords and personal info to protect yourself from fraud.
Understand Your Vulnerability, and Don’t Panic
Taking over your car’s functions while you’re driving requires expert skills, and there’s no obvious point. In a US Government Accountability Office (GAO) report, researchers pointed out that while real threats are certainly possible, they are largely theoretical. There’s no indication, or reported incidents, to lead anyone to believe cars are being attacked, controlled or shut down by attackers. The real-world risks come from petty theft, which we’ve mentioned above, and risk assessment research. The odds that your car might be disabled while you’re driving are almost non-existent, at least today.
Experts at the University of California explain that real threats ultimately must have some motive, and what purpose would it serve to disable the brakes on moving cars? Some speculate that terrorist attacks or attacks against high-value, specific targets may be the motives behind future “car hacking” attempts, but the more mundane and likely dangers are break-ins, information theft or using stolen GPS data to track movements or patterns of corporate rivals, celebrities or politicians.
In context, internet connected cars are invaluable. Monitors track engine performance and maintenance issues, information manufacturers use to improve next generation vehicles and insurance companies use to assess risk. Parents can tap into GPS to track wayward teens, and proximity alerts help prevent accidents. In-car assistance services like GM OnStar Advisor can find and reserve a hotel on your route or send help if you are in an accident. While we might potentially face data theft, the trade-off in benefits is well worth the risk.
As vehicles evolve into sophisticated devices with built-in diagnostics, tools, add-on devices and input from their surroundings, they become ever more vulnerable to hacking. Today’s cars and light trucks are loaded with wireless entry points. The risk is minimal now, but it’s definitely real, and worth thinking about when you buy your next — or park your current — car.