Hacking Your Car – Everything You Need To Know About Auto Cybercrime

Here we discuss all you need to know about cybercrime and how to protect your car.

Computers and connected devices are present in every part of our lives...and of course that even includes our cars. While in the past the most expensive piece of electronic technology in a car might have been the stereo, we now have full onboard entertainment systems, engine control units, Sat Navs, cameras, radar, security devices and more.

But almost as long as technology has existed, hacking has, too. With every step that’s made our lives more convenient or secure, there have been people figuring out how to exploit new technologies to their own advantage. As our cars become increasingly connected and reliant on computer technology, there’s no reason to believe that they wouldn’t be a target risk just like our laptops.

While in the past car thieves only needed to know how to bypass physical locks, now hackers can get the same result by tricking a car’s electronic security.

How Do They Do It?

At the moment the most vulnerable part of most cars is their Electronic Control Units (ECU). 

The ECUs manage a number of electronic components in the cars, such as the engine, transmission, brakes, timing, steering, suspension and more. ECUs are not a particularly new technology: General Motors first used them in their 1977 Oldsmobile Toronado for electronic spark timing. However, these were relatively primitive ECUs and were pretty much impossible to alter, as the functionality was hard-coded right into the chip. Even much later on when reprogrammable flash memory became available, you would need to physically access the chip in order to make any changes, and even then you’d need a very deep understanding of how the chip worked to do anything beyond simply destroying it.

The difference with modern ECUs is connectivity. Modern cars have given over many more functions to automation and ECU management; some modern cars have over 150 ECUs. These ECUs are often managed through a central hub, and this hub is usually open to Bluetooth or Wi-fi connectivity. This is because of the maintenance and updates. While older cars require physical access for software updates, this can be done more quickly and efficiently over a 5G network. However, this can also make it vulnerable to potential viruses. 

In 2015, a team from the University of Washington managed to get into GM’s OnStar telematics system and show how they could manipulate steering, braking, the engine and other systems remotely. Luckily these were ‘white hat’ hackers – people who find weaknesses in a system, not to exploit it, but to warn the manufacturer so they can fix it. Later that year a Jeep Cherokee was hacked, using vulnerabilities in the Chrysler Uconnect system and wireless provider Sprint. That incident led to the recall of more than one million vehicles to have their telematics systems updated.

What Do They Get Out Of It?

There is definitely money to be made from automotive cybercrime. 

At the most basic level, there’s the same kind of profit made by more ‘traditional’ car thieves. As newer cars replace physical key locks with electronic systems, criminals are figuring out how to get around these Remote Keyless Systems.

Some older key fobs are operating on decades-old technology which is easily bypassed, and even newer systems can be fooled by ‘code grabbers’. These devices are easy to purchase online and are legal to own. A code grabber reads radio waves sent out by nearby devices, such as car fobs, and then replicates the system. With this code thieves can either just open the car door to steal the contents, or they can even start and then steal the entire car.

Even more insidious than stealing a car is the ability to override the controls. Cars have given a lot of control over the ECUs, and this trend is only set to continue. We’ve already seen examples of self-driving cars where the entire operation of the vehicle is controlled by an automated system. The danger here goes beyond the theft of the car itself, as even passengers can be at risk. A criminal with full control of a car could put the passengers in danger in exchange for a ransom, or could even threaten a manufacturer’s entire fleet of cars unless they pay up.

What Can We Do About It?

At the moment there are a few things you can do to secure your car’s systems. If you have a keyless system you might want to invest in a Faraday bag. These bags block any signals from your fob when you’re not using it, preventing possible interception from a code grabber. All modern cars also have an OBD (on-board diagnostic) port, which is a universal plug that mechanics and technicians use to access the vehicle’s onboard computer. You can buy a special lock for your OBD port for around £200, which stops criminals from physically tampering with your car’s systems.

In terms of remote vulnerabilities, your best bet is to apply patches and updates to your car’s software as soon as they’re available. While some updates are there to improve performance, modern car manufacturers are very security conscious and are always looking for software vulnerabilities. 

Just as it is with your phone or your laptop, a lot of vehicle software updates include security fixes. It’s a good idea to follow your car’s manufacturer on social media to keep an eye out for announcements of new updates, and if these need to be installed physically then you can get this done at a local dealership or by a trained automotive specialist.

This article was brought to you by Quick Car Finance, a leading UK car finance company for new and used cars.

User GhuestThere are 0 comment

Leave a comment

Your emal address will not be published. Required fields are marked*