Last summer, to show how the danger of car-hacking is real, a team from Wired Magazine hacked into a Jeep Cherokee SUV and — from a remote location — drove it into a ditch. This led to the recall of 1.4 million vulnerable cars and, supposedly, to the manufacture of new cars that are less susceptible to such a frightening take-over.
In fact, in some ways, the newer cars may be more vulnerable.
Warning from the FBI and National Highway Traffic Safety Administration: Despite new safeguards, the increasing use of computers in motor vehicles poses an increasing risk of car-hacking. In a public service announcement issued on March 17, the FBI said,
“Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.”
Those threats come from linkages between different on-board systems that provide “portals through which adversaries may be able to remotely attack the vehicle controls and systems.”
In addition, the FBI warned, third-party devices plugged into a vehicle diagnostic port can “introduce vulnerabilities by providing connectivity where it did not exist previously.”
What a Hacker Could Control
Keyless ignition, acceleration, brakes, steering, turn signal, lights, GPS, diagnostic navigation, tachometer, windshield wipers, door locks, tire pressure monitoring, air conditioning, entertainment systems.
How to Protect Yourself
Go to the FBI’s website for a comprehensive report on the Do’s and Don’t’s that will keep you relatively safe. In the meantime, here is a streamlined list:
• Watch for recalls.
• Keep your vehicle software up to date.
• Verify authenticity of software update notices. You could get a fake message tricking you into opening an attachment containing malicious software. To avoid this, visit the manufacturer’s website to see what, if any, software updates it has issued.
• Avoid downloading software from third-party websites or file-sharing platforms.
• Always use a trusted USB or SD card storage device when downloading and installing software to a vehicle.
• Be especially careful when connecting third-party devices to vehicles
• Be aware of who has physical access to vehicles
Has it Happened For Real?
When BBC News reported the FBI’s warning, they ended their article with the comment, “However, there has not yet been a real-world example of such hacking.” We’re not so sure. If investigative journalist Michael Hastings were still alive, he would probably investigate the kind of “accident” that killed him. To see our coverage of this fascinating case, please go here, here, here, here, and here.
Related front page panorama photo credit: Adapted by WhoWhatWhy from Jeep Cherokee (Day Donaldson / Flickr – CC BY 2.0), “Hacker” (Erich Stüssi / Flickr – CC BY-SA 2.0)