Smart Cars and Hacking
Imagine getting in your car one morning on your way to work. You turn the ignition key on to start it, just as you normally would any day. Instead of hearing the engine cranking, the LCD display on the dash flashes a warning “Your car has been encrypted. Please pay $500 to unlock. Press here to enter payment information”. How could this happen, you ask yourself. Little did you know your smart car had an insecure wireless connection that allowed a hacker to load a virus and cripple it.
While this story is fantasy for now, it could eventually become a reality. Cars today are loaded with technology. Multiple computer systems run various components that improve drivability, emissions, and comfort. Computers control steering, braking, acceleration, gauges, engine, and transmissions. But studies recently being conducted are demonstrating that smart car manufacturers aren’t taking security as seriously as they should. A recent report found that manufacturers lack consistent and standardized security, and that most have almost no resources in place to detect or respond to a security breach in one of their automobiles. This leaves consumers vulnerable to an attack, with little you – or they – can currently do to prevent it.
Many vehicles come with Bluetooth or other wireless technology that allow your smartphone and gadgets to connect. While the convenience of taking calls and loading your music library is great, it’s an entry point for a hacker as well. The software that runs a smart car’s “brains” may not be specific to any one brand. As with many smart devices, the operating systems may be modified slightly, but at their core are the same. This means a vulnerability discovered in one could potentially be applied to many. Suddenly, a successful exploit on one smart car may work on lots of others.
Automobile manufacturers have announced that smart cars will soon be able to communicate with each other and the environment. For example, if the car in front of you brakes suddenly, your smart car will know this and also brake faster than you can react. Cars approaching a red light could automatically stop if the driver is distracted. While these new technologies could have enormous safety advantages, the communication between your vehicle and its surroundings needs to be secure. When you allow an outside entity to control how your smart car behaves, great care must be taken to ensure security and integrity.
Smart cars today collect personal information such as where it’s driven and parked, what stations you listen too, how fast you drive, and other things. This information is often transmitted to the manufacturer or a third party data center. How long the information is saved varies. However, few if any manufacturers are vocal about how this information is used. Also, there is no way to opt out of the data collection. Privacy concerns are abound here, since the automotive industry has very little regulation when it comes to consumer privacy. Information has value, and could be compromised in transmission to the manufacturer, or potentially stolen through other means. It should also be noted that law enforcement might have interest in some of this. Medical and financial information is protected – how fast you are driving is not. It might seem that the line between respecting privacy and finding potential lawbreakers is not very clear.
Not all technology comes preinstalled with your car. Transponders for E-Z Pass are prevalent and have simplified our commutes. However, your transponder isn’t just read at the toll both. In 2013, a hacker known as Puking Monkey (I’d like to know where he got that name!) altered his E-Z Pass to alert him each time it was read. During a drive from Times Square to Madison Square Garden, his E-Z Pass was read multiple times. As to why, the reason was simple enough. New York City installed reader’s allover midtown to help manage and track traffic flow. Great idea, except few people knew about it. And as to where the information was kept, how long it was kept for, and other uses it might have – that remains a mystery.
Potential vulnerabilities aren’t limited to someone with local access to a vehicle. Keyless entry is available on most vehicles now. It’s even possible for the manufacturer to remotely unlock your car with the touch of a button. While this convenience is great when you’ve locked your keys in the car, the same technology could be used to unlock your car and allow someone else to gain entry. Viper, the manufacturer of a well-known automotive security system, offers a cloud service where you can remotely start, lock or unlock, and track your vehicle – all from your smart phone. Users should consider, however, that you need to be concerned with how this company maintains network computer security. This service connects your car to the internet, and allows vital systems to be accessed. If one of their servers was compromised, would it be possible for a hacker to control and steal your smart car?
Technology in smart cars today is designed to help us and keep us safe. Being aware of this technology and potential misuses is just as important as how to use it. The days of the crook with a hammer and screwdriver stealing a car could soon be replaced by a laptop and wireless connection.