March 7, 2019
What car do you drive? Chances are that you’re driving a car that has some sort of infotainment system installed. It can also have a plethora of features and creature comforts that can turn an everyday drive into nirvana. Is it a “smart car” then? In a way, yes. All modern cars have an onboard diagnostic computer (OBD II) that controls everything – from fuel intake to brake distribution. But a real smart car is one that you can control remotely and whose entire system is interconnected.
Today’s smart cars are like computers on wheels, and we can expect the same level of future upgrades. The cars of the future will also have the ability to talk to each other and to the dealership for diagnostics. And here lies the problem. Computers can get hacked. In this article, we’ll be talking about the top 5 cyber threats Smart Cars face and how to keep your car safe.
Top 5 Threats for Smart Cars
The computer in a smart car is like any computer. It has an operating system that acts as the brain that controls everything. But no matter how robust a system is, it still has vulnerabilities that a cybercriminal can exploit. Criminals can bypass a smart car’s systems in plenty of ways:
Threat 1: Remote Hacking
All you need to do is take a look at the Jeep Cherokee hack done by researchers Charlie Miller and Chris Valasek. Back in 2015, the duo was able to gain access to the Jeep’s systems that controlled the brakes and engines just by knowing the car’s public IP address. Trend Micro disclosed a vulnerability in an app used by the Nissan Leaf. The exploit gives anyone with an internet connection control over some of the car’s functions. All you need is the car’s VIN number to authenticate a session and gain control of the vehicle. A VIN search is effortless to do these days, as car makers often place them on the windshield or somewhere on the body.
Threat 2: Installation of Infected Apps
One of the weakest links in a smart car is the infotainment system. The Jeep Cherokee hack in 2015 used the car’s own entertainment system to gain access to the onboard computer. A similar yet more sophisticated attack could come from installing an infected app. All a hacker needs to do is get users to install an app with malicious code to gain access to the car’s entire system. Apps laced with malware run rampant in unofficial app stores for Android and iOS.
Threat 3: Third-party Backend Exploit
Hackers can gain access if a smart car manufacturer uses a third-party backend service for data gathering or cloud services.
Threat 4: Installing Illegal Diagnostic Firmware
Another way a hacker can gain access to a car’s computer system is when the owners try to save money. There are services and tools online that allow owners to run their own diagnostics or reset the car’s mileage. Hackers can piggy-back a trojan into the illegal firmware and gain remote access to a car’s system.
Threat 5: Physical Hacking
All a cybercriminal needs to do is insert an infected USB. The USB can contain anything, from malware that can steal information to a trojan that allows backdoor access to the entire system. Researcher Stephen Savage broke into a car in 18 seconds by using a CD that had .WMA songs laced with malware.
Much like protecting your PC or phone, you must have strict safety measures in place, so your smart car doesn’t get hacked.
- Only use official apps from legit sources – if it’s not from Google Play or the Apple App store, don’t install it.
- Don’t install any aftermarket accessories and illegal firmware.
- Update your car’s firmware regularly – updates and patches are there for a reason. Only download official firmware updates from the manufacturer.
- Install an antivirus that can scan mobile apps – most mobile antivirus programs can scan for malware and PUA’s.
- Always check for any signs of physical tampering – especially when you just got your car serviced. It’s the smart car age but still a lot of cars are manufactured as lemons.
As technologically advanced as smart cars are, the reality is that hackers are just a public IP address or rogue app away from taking control. Taking the necessary precautions and reporting any suspicious activity to the authorities is the only way to go.
Stay safe everyone.
Emily Andrews is the marketing communications specialist at RecordsFinder, an online public records search company. Communications specialist by day and community volunteer at night, she believes in compassion and defending the defenseless.