Automobile manufacturers continue to roll out new technologies to enhance their product offering. With features such as Bluetooth, Wi-Fi, GPS, and emergency braking technology considered “standard equipment” in many cars, there is a danger in turning cars into what are essentially giant smartphones. The most pressing concern is that as these services are added, security is typically an afterthought, at best.
The FBI and leading security researchers have identified car hacking as a real risk.
Here are five ways your car or truck may be hacked:
Odometer rollback/hacking
Don’t think that this is a small problem. In one case, a San Francisco bay area used car dealer was charged with what’s thought to be the biggest single odometer tampering case. Over 80 cars are believed to have been hacked. Other individual car buyers have been scammed after buying used cars online or through Craigslist. The devices used to perform this hack are readily available and can be bought online for less than $200.00.
VIN cloning
This hi-tech hack makes a stolen car look legitimate. According to FBI statistics, there are more than 700,000 car thefts in the United States every year. Vehicle Identification Number (VIN) cloning is used to mask theft or previously wrecked automobiles. These thieves either physically change the VIN or clone it electronically and simply use another similar make and model counterfeit VIN. Some unsuspecting car buyers have not discovered this hack until they’ve taken their cars in for repair/service.
GPS jammers
You don’t have to go to the dark web to buy a GPS jammer. These devices are readily available on the web and are typically imported from China. They’re used to make a car disappear as it blocks any GPS tracking being used. Typically, these devices are plugged into a standard cigarette lighter jack then will disrupt any GPS tracking systems for a radius of up to five to ten yards. The FBI has reported that these devices have been used in car thefts and when thieves transport vehicles out of the United States.
Remote unlock
While the convenience of the remote unlock feature is something that everyone enjoys, attacks against key remotes are on the rise. Earlier this year, researchers demonstrated how they were able to hack 24 different vehicles from 19 different manufacturers; they not only unlocked the cars but also drove them away. The cost of the hardware used by the attackers averaged less than $250.00 dollars. If this is not bad enough, researchers have now discovered a way to exploit weak cryptographic key techniques to gain access to almost every Volkswagen vehicle manufactured since 1995.
Jackware
While jackware is currently seen as theoretical, security researchers foresee the day when ransomware may migrate to automobiles. The idea is that a hacker would disable your car until you pay. While many may see this as far fetched, the fact is that attacks against other emerging technologies such SCADA and IoT continue to rise. Given the technical challenges of securing computer-enabled vehicles, there is a real possibility that hackers will move into this realm.
This is a lot for consumers to take in and, unfortunately, much of it is outside your control. However, there are a few things you can do:
Before you buy a used car:
Go to the National Insurance Crime Bureau’s (NICB) VINCheck website to make sure the VIN is legitimate. You can also check CARFAX for any alerts associated with that VIN.
It also helps to manually check the VIN yourself: does the VIN plate look tampered with? Does the VIN match on the dash, door sticker, title documents, etc.?
Additionally, run a search on a site like CARFAX.com to make sure the mileage number matches what has been reported.
To protect yourself against vehicle theft:
Use a steering wheel lock like “The Club.” This may be ‘old-school,’ but it’s a tactic that will still work today.
You should also contact your dealer periodically to see if software updates are available for your model car. Automakers will continually update these systems, so you want to make sure you’re keeping it up to date (similar to your home PC).
The fact is that vehicles simply don’t have the levels of defense that traditional computer systems do. Some might say that we’re reaching a point where automotive systems will require the same level of security that other computer systems use such as anti-virus and intrusion detection. With the concept of self driving cars on the horizon, we must address the vulnerabilities in automotive systems before it’s too late!