Anything with a computer can be hacked and as our cars get connected to the Internet of Things, they become more vulnerable to attacks. On-board computers with internet connectivity, wireless key fobs and car-integrated apps are just a few of the many points of entry a hacker can exploit to steal or even remotely control your car.
(Video uploaded by WIRED)
In 2015, two hackers demonstrated that they could remotely hack their 2014 Jeep Cherokee from several miles away with their laptop (watch the video above). Andy Greenberg of Wired Magazine bravely agreed to be their living crash-test-dummy and watched in awe as Charlie Miller and Chris Valasek, the two hackers, toyed with the Jeep while it was driving down a highway – turning on its fans, changing the navigation display, blasting music at full volume, releasing windshield washer liquid and finally killing the engine. Miller and Valasek's hacking program works with any Fiat Chrysler vehicles from late 2013 onwards that use Uconnect. Their stunt was conducted to prove a point: vehicle manufacturers were being negligent with their vehicles connected to the internet and since the demonstration, Fiat Chrysler has recalled 1.4 million of their vehicles for a software patch.
In Germany, 2016, the ADAC demonstrated how 24 different cars that use wireless key fobs could be stolen using a pair of custom-made radio signal amplification devices made from inexpensive consumer electronics. The first device amplifies the signal from the key fob. The second device then receives the signal and can complete the “handshake” process between the key and the car. This allows the car to be opened and then driven away without the actual key fob. The devices can work as far as 90 metres from each other and according to ADAC researcher, Arnulf Thiemel, there is no easy fix for this, except using makeshift “faraday cages” that block all unwanted radio signals or storing your keys in the freezer.
In 2017, two researchers at the Russian security firm Kapersky found that many apps that connect to cars lacked even the most basic software defences. While the researchers did not disclose what apps are at risk, they explained that hackers can gather log-in details and vehicle identification numbers by rooting the victims phone and gathering the unencrypted information stored by the app on the phone’s memory. Alternatively, hackers may trick victims into downloading an altered version of the app that collects their log-in details. Or, they infect the phones with malware that could open a fake interface when the app is open, allowing hackers to steal log-in details.
These hacking demonstrations underline a fundamental issue with modern car manufacturing. As cars become more computerised, they open up more weak points for hackers to exploit, meaning that more vehicles can be easily stolen. Scarier are the implications of deliberate accidents caused by hackers remotely controlling a vehicle – a scenario WikiLeaks suspects of in relation to the death of journalist Michael Hastings. In the words of Chris Valasek: “You want technology to progress, but at the same time you want it to be secure.” The threat of your car getting hacked is a reality and ultimately, it falls to manufacturers to solve this massive security flaw.
But, there are some things you can do to help prevent your vehicle from being hacked and stolen. Keep your software updated. If your vehicle is connected to the internet, make sure that you download all updates before you set off on the road. Each update may contain important security patches. While asking you to store your key fob in the freezer is ridiculous (but effective), you can purchase inexpensive RFID signal blocking pouches that block unwanted radio signals. If you are using an app connected to your car, be careful what you download and what information you input. Check the app before you download it: what does it access on your phone and where are you downloading it from. If it’s from a third-party website, avoid it. If you’re on Android, use Google Play Protect, which will scan your device for any malicious software (Apple has a more rigorous security process for their apps on the App-Store). When dealing with information such as your vehicle registration number, exercise the same degree of security as you would with your bank details.
If you are still paranoid about having your car hacked and stolen, you can always resort to installing anti-theft measures, such as steering wheel locks or car alarms. The best solution would be installing a GPS tracking device, which will allow you to monitor your vehicle remotely.