Hey, did you know your car could be HACKED as you drive?
Part 2 of our new series on Vehicle Cybersecurity
This is the stuff of nightmares. You’re driving the highway when suddenly your car stops, with your front view mirror showing a truck plowing into you at 70 miles per hour. A second later, your car thrusts forward, nearly throwing you on the bus in front. Your mirrors roll shut. Your trunk door swings open. The heat turns on, its mid-summer. Your horns blast. Your car doors are stuck; you’re trapped.
No, it’s not sci-fi. It’s real life and this remote car hacking incident hit Tesla’s Model S in 2016.
The guys that hacked Tesla
Hired by Tesla, a team of black hat experts in China’s Keen Security Lab used remote control to test variations of the company’s Model S for security flaws. Minutes later, parked Tesla cars acted up, blasting horns, blinking lights and refusing to open their doors to owners’ keys or fobs. When the hackers allowed their owners entry, the cars almost rammed them into a ditch, stalled them on busy roads and turned on their car stereos to the highest pitch.
A car is nothing less than a computer on wheels. Hack its internal system, and you can do whatever you want:
- Drive a parked car
- Disable brakes
- Fold its mirrors
- Open the sunroof
- Blink its steering lights
- Accelerate the gas
- Paralyze its steering wheel
- Move the car seats
- Rev up its air conditioning
And so forth. (Fun!)
In Tesla’s case, the engineers played each of these pranks – and more – from a laptop in their laboratory 12 miles away.
“Today’s cars,” Samuel LV, Director of Keen Security Lab said, ¨are soon all going to be connected to the internet, so you can definitely expect security issues once this happens.¨
Here is how remote car hacking works
¨When you’re driving an automobile today,” Professor Stefen Savage of UC San Diego´s Department of Computer Science told MotherBoard, ¨you are driving a big computer system that happens to have wheels and a motor.¨
Each and every function in your car is mediated through the Controller Area Network (CANbus), which is the car’s nervous/internal system. Essentially, your car is one big computer, with its data uploaded to a telematics control unit (TCUs) that’s on the cloud. All the functions of the vehicle, from brakes to horns to gas pedal, are interconnected on that cloud as IoT devices – easily accessible by sophisticated hackers who could use their know-how to remotely control your vehicles.
In the worst case scenario, terrorists can program multiple cars to randomly bump into each other, even taking over airplanes, buses, ambulances, tanks and so forth. All their devices are embedded on the internet, which makes hacking them a whiz for those with the right gadgets and skill.
Conspiracy theorists say remote car hacking is done every day by the government. Heard of those mysterious deaths of important figures, allegedly assassinated by someone like Soros, Putin or Mueller, according to conspiracy groups like QAnon?
So if you’re not an important figure, nor a valuable automaker like Kia whose automobiles were remotely hacked in February 2021, you’d think you and I don’t need to be concerned.
I wish that were the case, but ransomware hackers seem to be in on the game, where a rare few rogues have started taking over vehicles and blackmailing owners.
Such happened with South Korean-based Kia Corporation earlier this year, where a group called DoppelPaymer stopped Kia’s customers from remotely unlocking their vehicles or from heating them during a miserable winter. To unblock the command, Kia’s executives were told to hand over $20,000,000. The company could afford it – but if that happens to you, short of buying another car, there’s little you or anyone else can do to override the coup.
The comforting thought is that the hacking device is extremely expensive and complex to build – at the moment. It takes a sophisticated scoundrel to manage the feat. Each car has its own language and few automotive pieces have been publicly mapped. Further, there’s little literature on the subject, and the core hardware’s difficult to get.
No random vehicle has been remotely hacked as yet, but the threat’s real. Security researchers say it’s only a matter of time before remote car hacking becomes the next gig on the block.
How can you protect your car against cyber hacking?
- Create unique passwords and change them often. You’ll want complex passwords, unlike the “123456” default password of the GPS tracking app that allowed thieves to hack thousands of vehicles in 2019.
- Update your vehicle’s software. Up-to-date software contains the latest security patches.
- Turn off your GPS tracker when it’s not needed. Hackers can halt your car in its tracks through GPS spoofing, where they interfere with your GPS radio signal and trick the car into believing its reached its destination.
- Keep your car simple – Go for a “dumb” car – the more microprocessors your car has, the easier to hack. Tesla, for example, had 67 microprocessors. Better an old-looking Ford than a glitzy Lamborghini. Those, together with other luxury cars like BMWs and Ferraris, are the hottest on the market for thieves.
- Forget about owning a self-driving car for the moment. Aside from its other significant issues, the car’s digital sophistication makes it more vulnerable to invasion.
So with cybersecurity, it’s the usual deterrents.
Drive safely. Stay safe.