What is automotive (car) hacking?2022 05 03
Author: Agnė Marija Bučytė
Having your car hacked is still quite a new concept these days. Many people do not often consider this as a possibility because of the lack of information about this subject. Why would someone need to hack into my car? Well, according to Upstream, cyber attacks on cars increased 225% in the last three years, from 2018 to 2021.
The main concern is undoubtedly safety, making this topic even more essential. In reality, a person can also access your private information linked with your car and even take control of it.
Hence, in this blog, we discuss what is automotive (car) hacking, what methods can be used to perform such attacks and how to protect from them.
Automotive hacking: the concept
Automotive hacking is the act of gaining access to a vehicle by means of finding loopholes in software, hardware, or communication systems like Bluetooth or Wi-Fi. In some cases, cars have more lines of code than aircraft. This means that potentially more weaknesses could be found and exploited.
Modern cars have many features which make driving easier and more pleasurable but not necessarily safer. The more sophisticated the system is, the more your car is connected, and the more functions can be taken control of.
What are automotive hacking methods?
Even though you may have a modern or exotic car commonly equipped with a keyless entry or a smart key system, you must be aware of the ways hackers can access your car. Below we present some of the most well-known automotive (car) hacking methods:
Hacking key fobs
Modern cars require the use of key fobs to open them. Even though we use this technology almost every week or day, it can be used against us. There is a chance that you have probably heard someone advise you not to keep your car key near a window, right? An intruder may use a method known as a relay attack to pick up the key fob signal, forward it further, mimic the key signal and access your car. It is not expensive to create a device capable of such an attack. The hacker may use a car hacking device and be able to unlock your automobile and, in some cases, even drive away with a car that does not require key ignition.
How can you protect yourself from such occurrences? There is more than one method you can apply to protect your automobile. For example, you can mechanically block key fob signals by using a faraday-style wallet or a metal container for your key. Also, make sure your keys are out of sight from other people. If none of these methods appeals to you, another solution would be implementing a tracking device. It will not protect your car, but it will help you locate it in case of theft.
Hacking into a car via applications
Let’s say you use a mobile application to be able to perform specific functions with your car, and your mobile phone gets infected with malware. This may also lead to your car being compromised, meaning that sensitive data such as passwords may be retrieved if stored unsafely.
The solution would be to avoid installing suspicious applications, instead, use Play Store or App Store, or better yet, avoid using applications with your car at all.
Hacking via a USB port
Suppose by using social engineering, you are tricked into inserting a malicious USB device into your car. In that case, it can become infected with malware. Furthermore, it is not advised to use the USB port of a rental car because some of your private information may be transferred to the vehicle. If not deleted, it may be stored and accessible by the next person to use the automobile.
It is advised not to charge your phone when using rental cars or remember to check that nothing is stored when finishing the ride. If a hacker manages to find a loophole and access the machine’s telematics system, the person may be able to manipulate various data such as vehicle activity, system reports and track your location, perhaps even have the possibility of controlling it.
Hacking through Wi-Fi, Bluetooth and hotspots
Wi-Fi, Bluetooth and hotspot are just a few among many known methods to hack into your car. It is possible to scan the network and remotely take control of the vehicle.
Avoid using weak passwords for your Wi-Fi and disconnect the Bluetooth function when you do not need it.
The most known automotive hacking incidents
Unlike with some other types of hacking types, it is more difficult to find major “car hacking” incidents because usually individual vehicles are hacked, and it would be hard to find information about every separate incident and provide a very extensive report.
Instead, we can refer to statistics about most hacked cars in 2020 as noted by Consumer Watchdog:
- Ford F-150
- Dodge Ram 1500
- Chevy Silverado
- Toyota Rav 4
- Honda CRV
- Nissan Rogue
- Chevrolet Equinox
- Toyota Camry
- Honda Civic
- Toyota Corolla
Most likely, some of you wonder why Tesla is not on the list or believe it should not be. It has been proven more than once that a Tesla self-driving car can be hacked, and almost every few years, a new loophole can be found. However, a Tesla car is considered more secure in some ways because patches can be made fast.
All the drivers would need to agree to update the system once they receive an invitation to upgrade. Tesla is putting constant effort into improving the security of its products. The company offers large sums of money to anyone who can find flaws in their system.
Even though most car hacking cases are mostly separate hacks into cars, there have been instances that have caused major financial losses to companies. A driver had lost control when driving his Jeep Cherokee when a few hackers managed to remotely take control of the automobile. After the incident, the car’s Chrysler’s manufacturer recalled 1.4 million cars. Moreover, other manufacturers have recalled large numbers of cars. This is not the only incident of this type, Toyota had halted its car production for about a day in suspicion of a cyber attack.
What should we expect from the future?
All in all, car hacking is still relatively a new subject. In the future, many more ways may be discovered to hack into vehicles as they become more modern and more new gadgets and features are introduced. An automobile is an expensive object, and sometimes our safety depends on its safety, making this subject much more sensitive.
As Elon Musk mentioned before, experiencing a fleet-wide attack is the most significant cause of fear. As technology develops, new safety measures are introduced. While car hacking is a real cause for concern, there are many ways you can prevent this from happening. Also, while some people get their automobiles stolen twice using a key fob hack, this may never become an issue for others.
Ransomware attacks targeted specifically at cars is another concept which may prove to be very costly and popular in the future. An intruder may obtain control of the vehicle and demand payment in return for access to the car.
When thinking about car hacking in general, a universal solution would be driving an Audi 80 because it does not contain the technologies that most modern cars have today. Jokes aside, you can always find time to introduce some preventative methods as presented above to stay more secure.
[Webinar] Legacy applications: ensure cloud migration success2022 05 10
On May 19th at 1 PM (CEST) / 2 PM (EEST), we are organising a free webinar to share the successful practices of migrating legacy applications to the cloud.More
Cycling for Ukraine: Robertas takes a 1200 km ride from Vilnius to Berlin2022 04 30
More and more people unite to support Ukraine in various ways. One of them is our colleague Robertas who is now cycling from Vilnius to Berlin, raising money funds for Ukraine from April 29th to May 4th.More
How to build the scalable web applications with Azure services?2022 04 29
If you are interested in building scalable web applications with Azure services, watch our 40-minutes long webinar.More