Cyber attacks: Could your vehicle be next?

 

It seems like nearly every device and object can be hacked these days—your computer, your phone, even your baby monitor—what’s next? Many are concerned with the push for vehicle tracking devices to be placed in all new cars that our cars will be the next item on hacker’s list.

Here is how hackers can access these vehicle tracking devices. What the motives are behind hacking into them? Is a threat we will need to be cautious of moving forward? You be the judge:

Vehicle tracking systems

Similar to a plane’s “black box,” many countries are pushing for automobile manufacturers to include a box in each new car that tracks the vehicle and automatically alerts emergency centers in the event of a crash. This device will relay location, time, direction of travel, scale of impact and whether or not airbags have been deployed. This tracking device shows advancements in technologies and the ability to save lives; however, it also runs the risk of insecure data and security issues.

Breaking into your car

If the automotive industry is not prepared for the risks of security with their vehicle tracking devices, we could potentially see a new trend of hacking. The bad news is there are more opportunities for hackers to break into your car’s system than just the vehicle tracking device: remote key systems, satellite radios, telematic control units, Bluetooth connection and even wireless tire-pressure monitors. Security experts call these systems “attack surfaces” and once a hacker has found their way into one system, they can likely connect to a different system in the vehicle that may control running transmission systems, engine cylinders and, in the most advanced cars, steering controls.

While we have seen huge strides in cybersecurity, the overall security on these automotive systems is still 15-20 years behind. Once hackers have entered the vehicle systems, they have the capabilities to track movements, activate built in microphones to record, unlock cars for crooks to break in and even disable your cars engine.

Just last week, a viral video and article were released: security researchers Charlie Miller and Chris Valasek demonstrated that they could hijack a vehicle over the Internet, without any dealership-installed device to ease access. The two hackers turned on the driver’s (who was a part of the test) air conditioning, turned the stereo to full blast, started the windshield wipers and fluid… and then they cut the transmission.

Taking the necessary precautions

The goal of security researcher’s Miller and Valasek was to raise awareness to the automotive industry of the potential risks that will arise with incorporating automobiles into the Internet of Things movement. Cybersecurity is a serious issue for every industry, including the automotive industry, and the next step is for manufacturers and companies to be taking the steps to reduce risk by building security systems at the earliest phases of design.

Now for the good news: Car manufacturers and security experts are taking these automotive risks seriously. As of now, these hacks are still difficult to pull off, which will allow time for manufacturers to focus on preventing attacks in future and current vehicles.

In the meantime, there are steps individuals can take to ensure their cars remain safe. Unknown or unscreened devices should not be plugged into car’s USB or diagnostic ports. Only use a mechanic that you trust, as these can be potential opportunities for malware to be installed. Finally, locate your vehicle’s OBD-II port (usually located under the dash on the driver’s side) and familiarize yourself with it – if you ever notice anything unfamiliar plugged into it or it looks like it has been tampered with, take your car into the dealership immediately.