Hackers have a new target: Your car

December 26, 2019

By Mark Jones

Have you turned your house into a “smart home” yet? Millions of Americans have already started making the switch and most love the convenience that comes with it.

You can do things like turn the lights on and off, save money by lowering the heat during winter when you’re not home and making it warmer when you’re about to arrive. If you don’t know where to begin, check out our smart home starter kit. Tap or click here to find out what you should buy first for your smart home.

Smart technology doesn’t end when you walk out the door. It’s now made its way to most modern vehicles — but there’s a problem. Hackers are now targeting smart cars and there really isn’t anything to stop them.

Why it’s so easy to hack smart car technology

Is your smart car vulnerable to cyberattacks? According to new research published in the “Journal of Crime and Justice,” the answer is an unequivocal “yes.”

Researchers from Michigan State University (MSU) concluded that as vehicles become smarter and are more connected to Wi-Fi, hackers will have more opportunities to breach their systems.

And if you connect your smartphone to the car through a USB port, you’re giving hackers backdoor access to data from both your phone and your car. But it’s not just data that is at risk. Hackers could also be putting people’s lives in danger.

Related: 5 essentials when buying a connected car

Professor of criminal justice at MSU, Thomas Holt, stated:

The risk with vehicles isn’t just personal data — though that is still a real concern.

Thomas Holt

Holt explained if a car is compromised, a hacker could alter alert systems that would normally tell drivers when tire pressure is low or to keep the emergency brake sensory system from kicking in. Without these safeguards, it could lead to serious accidents and loss of life.

For a criminal to be successful, three things need to come together. There needs to be a motivated offender, a suitable target and a lack of guardian.

The lack of a guardian is the biggest threat in smart car technology. What that means is currently, there is no one technically responsible for smart vehicles’ central computer systems.

Think of it like any other manufacturer problem your vehicle might run into. If a particular car model has a known sensor problem, the manufacturer will recall the car and replace the sensor at no cost to the consumer.

Cybersecurity issues with smart vehicles don’t get the same treatment. If a security flaw is discovered with your smart car, you’re just out of luck. You can’t take the car back to the dealership to have the software updated and the flaw patched.

There needs to be a way for carmakers to update these systems remotely, so it’s easy for the consumer. There isn’t one in place yet and we’ve already seen hackers take advantage of different types of car technology.

How hackers are stealing keyless cars

Bad actors have been taking advantage of cars with keyless entry. One popular way is what’s known as a “relay hack.”

Always-on key fobs present a serious weakness in your car’s security. As long as your keys are in range, anyone can open the car and the system will think it’s you. That’s why newer vehicles won’t unlock until the key fob is within about one foot.

Sadly, criminals can get cheap relay boxes that capture key fob signals up to 300 feet away and transmit them to your car.

Here’s how it works: A crook stands near your car with a relay box while an accomplice scans your home with another relay box. When your key fob signal is picked up, it is transmitted to the box that’s closer to your car, prompting it to open.

In laymen’s terms, your keys could be in your house and criminals could walk up to your car and open it. This isn’t just a theory, it’s actually happening. Tap or click here to read an example of how thieves are stealing cars with $11 equipment.

That’s just one example of how hackers are taking advantage of technology. There are more. Tap or click here to learn 7 clever ways hackers are stealing keyless cars and how to stop them.

Speaking about the vulnerabilities found in the MSU study, Holt said, “It’s critical to think beyond thresholds and recalls because cybersecurity isn’t a recoverable problem, but rather one that requires constant system patching updates, installations and new codes written. This is more complicated but needs to be an active guardian process.”

He’s right. When a vulnerability is discovered with your smartphone, an operating system update is released that fixes the problem. There needs to be a way for smart cars to receive the same type of updates. Unfortunately, we’re not there yet.

https://www.komando.com/tips/cybersecurity/hackers-target-your-car/