The expanding capabilities of smart cars is evident in recent years given the plethora of smart car options available in the automotive industry. These cars make us seem more connected to us than ever-before. Before you get into your smart car, it knows when you are near the vehicle and unlocks the door for you. It remembers your seat adjustments and changes the seat settings automatically. You enter your destination and the car takes you there with minimal intervention required on your part. With all of these new advancements getting pumped in new cars however, car manufacturers are forgetting the most important one: security.

Security is one feature that car manufacturers are giving an after-thought. Smart cars are connected to the Internet and to your phones in more ways than one. We take the case of MyCar, an automotive telematics company that manufacturs a hardware devices that allows your car to be remotely controlled via an application that is installed in your phone. The MyCar allows car owners to remotely warm up the cabin in winter, cool in summer, open and close doors, turn anti-theft systems on and off, open the trunk and even find a car in a crowded parking lot. A security researcher found that the app’s source code was had embedded credentials which could be accessible by anyone from the outside. Once they have your credentials for the app, they would have been able to find your car and control it remotely. While this vulnerability was limited to turning the heat on/off in the car (and has since been fixed), some other vulnerabilities are much more dangerous.

Tesla (and other recent car manufacturers) are known to have functionality in their smart cars that enables them to be controlled by a mobile application. This even includes calling your car to your current location (albeit for small distance). The single point of failure in this case is the mobile phone which, in previous posts, we already know are vulnerable to several kinds of attacks. According to the researchers at Kaspersky, hackers could potentially control the cars by rooting the phone or getting the owners to install malicious software on the phone thereby giving the attackers ability to locate a car, unlock it, and in some cases start its ignition.

An even more dangerous experiment was performed by two security researchers, Charlie Miller and Chris Valasek. They remotely hacked an unsuspecting Jeep Cherokee while in motion via the entertainment system. They were able to remotely access the infotainment area and weather controls and blasted the radio to a random channel on full volume and made the air-conditioning unit blow chilled air in the car. They then proceeded to cut the transmission of the car. This is an extremely dangerous situation for the driver especially at 100 kmph speeds on highways and no shoulders. According to Wired,

Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

This is all because of the infotainment system application in Chrysler cars.

All of this is possible only because Chrysler, like practically all carmakers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot.

And thanks to one vulnerable element, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country.

Conclusion

Although smart cars have been known to have vulnerabilities from time to time, manufacturers have been able to fix those via an over-the-air update. Because of the nature of smart cars, it is relatively easier to roll out an update for the car’s software just like you would do for a mobile application.

There is not much you can do when it comes to hardware vulnerabilities, but we certainly have some semblance of control over the software vulnerabilities. Make sure you are running the most updated version of the application in your car. If you control your phone via your mobile phone, make sure you keep your phone safe from malicious software, do not fall prey to social engineering tactics that is commonly used by hackers to make you download malware on your phone.

Autonomous cars still have a long way to go due to their internet-connected computers. There needs to be a fundamental change in the way these cars are made and updated. Car hacking, fortunately, remains largely a concern for the future: No car has yet been digitally hijacked in a documented, malicious case. But that means now’s the time to work on the problem.

Like this: Like Loading...