Article highlights:

  • – FBI and NHTSA warn public about cyber security threats related to connected-cars
  • – FBI warning comes in wake of car hacks on industry’s top brands
  • – Car manufacturers release patches to protect consumers
  • – Software updates critical to keeping your car safe

Connected-cars offer endless, revolutionary possibilities for the industry. But are they safe? For the moment technology is playing catch-up with our imagination as vehicle manufacturers struggle to keep up with security and privacy concerns.

Connected-cars allow drivers to connect with internal and external third-party devices like mobile phones, tablets, USB, Bluetooth or Wi-Fi devices that, according to the FBI, “pose a particular risk to security.”

This security risk was at the heart of the connected car hacking warning released Friday by the FBI and NHTSA (National Highway Traffic Safety Administration). The warning asks the general public and vehicle manufactures “to maintain awareness of potential issues and cyber security threats related to connected vehicle technologies in modern vehicles.” According to the joint-statement, “if a hacker gains access this way…it would be possible for them to manipulate critical control systems or be able to access user data stored on the vehicle.”

FBI warning justifies connected-car hysteria

Just last month Scientific America published “Why Car Hacking is Nearly Impossible,” and Forbes suggested that with just one instance of malicious car hacking, the “hysteria” surrounding connected-car security is unfounded.

Hackers, on the other hand have been intent on proving these industry experts wrong. Friday’s FBI warning will likely bring an official end to the debate as to whether connected-cars are secure.

How are vehicles hacked and how are manufacturers responding?

1. Hackers gain access through insurance black box

Researchers from the University of California showed that hackers could access an insurance black box that was connected to a 2013 Chevrolet Corvette. This hack allowed the researchers to gain control of the brakes and wipers with a simple text message. Fiat Chrysler Automobiles quickly responded with an update to 8,000 vehicles aimed at adding protection against cyber attacks [1].

2. Hackers gain access wirelessly and remotely

Last summer security expert Andy Greenberg allowed computer hackers Charlie Miller and Chris Valasek to hack his Jeep Cherokee while he was driving in St. Louis. The pair were able to successfully manipulate the vehicle’s air conditioning, radio and windshield wipers before telling Greenberg to drive onto the highway where they eventually cut the Jeep’s transmission and brake control from the comfort of their couch.

“The result of their work was a hacking technique – what the security industry calls a zero-day exploit – that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles,” Greenberg told Wired. “Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country”[2]. Fiat Chrysler quickly responded with a software update that protects against these attacks[3].

3. Hackers gain access through diagnostic port

In 2013 Greenberg’s team accessed a Prius through a computer wired into the vehicles’ onboard diagnostic port, allowing them to disable the brakes, honk the horn, jerk the seat belt and take over steering controls [4]. Toyota responded with software updates that add enhanced security to their vehicles.

4. Hackers gain access through remote-access trojan

Security researchers found two ways to hack the Tesla Model S, but both hacks require physical access to the car. A network cable behind the vehicle’s driver’s-side dashboard gave researchers access to plug their laptop into the car and use a software command to start and drive the vehicle [5].

With physical access to the vehicle the researchers were also able to plant a remote-access Trojan on the vehicle’s network which allowed them to later cut the Model S’ engine remotely while someone else was driving [6].

Tesla responded quickly with an over-the-air software update that allowed the company to install the update automatically on all of their vehicles. This enhanced security feature doesn’t rely on the owner to remember to install the patch or software update.

Hackers force brands to upgrade technology and enhance security

Vehicle manufacturers are continuously working to identify and guard against potential vulnerabilities with their connected-cars. As Chrysler told Wired, “Fiat Chrysler Automobiles has a program in place to continuously test vehicles systems to identify vulnerabilities and develop solutions…FCA is committed to providing customers with the latest software updates to secure vehicles against any potential vulnerability.”

This system involves patches which must be manually implemented with a USB stick or by a dealership mechanic [7]. For this reason, the FBI and NHTSA asked drivers to minimize the risk of a hack by “ensuring all software is up to date, as well as taking care when making unauthorised modifications.”

Although the technology is there, brands are continuing to work on building consumer trust by proving to consumers that connected-cars are secure and safe. The race to provide secure connected-car technology is spurring hiring en-masse of the country’s top tech employees within the auto industry.

Meanwhile, the public seems convinced that car manufacturers will meet technological demands while solving issues related to security and safety and so the pressure is on for brands to meet these high expectations.

Sources:
1. Preece, Caroline. FBI Issues Connected Car Hacking Warning. ITPro. March 18, 2016. Online: http://www.itpro.co.uk/hacking/26234/fbi-issues-connected-car-hacking-warning.
2. Greenberg, Andy. Hackers Remotely Kill a Jeep on the Highway – With Me in It. Wired. July 21, 2015. Online: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.
3. Preece, Caroline. FBI Issues Connected Car Hacking Warning. ITPro. March 18, 2016. Online: http://www.itpro.co.uk/hacking/26234/fbi-issues-connected-car-hacking-warning.
4. Greenberg, Andy. Hackers Remotely Kill a Jeep on the Highway – With Me in It. Wired. July 21, 2015. Online: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
5. Zetter, Kim. Researchers Hacked a Model S, But Tesla’s Already Released a Patch. Wired.  August 6, 2015. Online: http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/
6. Zetter, Kim. Researchers Hacked a Model S, But Tesla’s Already Released a Patch. Wired.  August 6, 2015. Online: http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/
7. Greenberg, Andy. Hackers Remotely Kill a Jeep on the Highway – With Me in It. Wired. July 21, 2015. Online: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Tagged with: