In today’s Internet of Things (IoT) world, almost everything is reachable online. From your home thermostat and garage door opener to locks on your doors, almost everything is connected (or can be connected) to the internet. Considering all the devices that you use daily, the likelihood that your car is also connected to the internet is almost a given. The problem is that if it’s connected to the internet, it has the potential to be hacked.
Why Connected Cars?
I know what you’re thinking, “Why in tarnation would my car need to be connected to the internet? What benefit could that be?”. Connected cars have been around since the 1990’s. Connected cars can trace their roots back to 1996 when GM partnered with Motorola to bring the industry’s first telematic system, OnStar.
There are many benefits to having a “connected” car. Some so common, we may not even think of it as a benefit of having a connected car. Navigation or “advanced navigation”, if you will, is one benefit of the connected car. Your car’s navigation system and fuel system can be integrated, prompting your navigation system to automatically alert you to nearby filling stations when your car’s fuel is running low.
Safety is another benefit of the connected car. Modern vehicles use an array of hardware and software options to gather data about the surrounding environment, from obstacles in the road to weather conditions, connected cars are constantly gathering data. This data can be used to inform a driver on traffic conditions or be used to help a driver avoid obstructions in the roadway.
Hacking the Car
Car hacking is nothing new. In 2015 Wired.com published an article about a car that was hacked while driving down the interstate in St Louis, MO (https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/). This article was a stark reminder of just how vulnerable we all are when taking to the roads in the family truckster. According to the article the attackers were able to control the windshield wipers, radio and, more concerning, the transmission allowing attackers physically stop the car. In January of 2020, an article on darkreading.com (https://www.darkreading.com/edge/theedge/car-hacking-hits-the-streets/b/d-id/1336730), provided statistics regarding documented digital, electronic and cybersecurity attacks pertaining to vehicles. The statistics provided indicated that number of attacks went from 78 in 2018 to 176 in 2019. 176 attacks may not seem like much, but considering the increase was more than double the previous year, you can see how that number can quickly grow exponentially. Along with this, considering the fact that GM, Toyota and Ford intend to sell only connected cars in 2020, you can see how this may become concerning sooner than later.
The integration of technology with automobiles is showing no sign of slowing down. Automobile manufacturers are integrating with credit card companies to allow users to make mobile payments from their cars. This opens the automotive industry to the possibility of identity or credit card fraud. Safety continues to be a key concern and automakers continue to use technology to make cars safer. Using cameras some automakers are attempting to track fatigue of the driver, and using this information to adjust temperature, seat functions and music levels to ensure the driver is awake and alert. These are just a few of the future integrations with automobiles and technology.
As a conclusion to these articles we like to provide some simple tasks that people can use to help protect themselves from potential attackers. This article does not contain that information, because, frankly, short of never driving a car again, there is nothing practical that can be done to defend against this type of threat. Luckily the automotive industry has taken notice and is taking steps to ensure the safety of the vehicles they manufacture and sell. Tesla, GM, Toyota and Ford are now actively working together and have created an information and analysis center to help track and identify these types of vulnerabilities.
Written by Nathan Rice
Nate has fifteen years of IT experience spanning a variety of domains with a focus in defensive security. Nate currently holds the following certifications: CEH, CompTia Security+ and CompTia A+. Prior to TechGuard Security, Nate was a Senior IT Security Engineer at a Fortune 100 organization. As a Security Engineer, Nate focused on new technology integration and implementation. Along with a variety of application administration roles in security operations, his past project work includes, Implementation of a DLP Program, Single Sign On Program and Multifactor Authentication. At TechGuard Security, Nate conducts audit control assessments, penetration tests, vulnerability assessments and social engineering exercises. Nate’s focus is on customer service and support, as well as providing customer solutions to complex IT security challenges. When not working or studying Nate enjoys being outdoors and spending time with his wife and kids.