With the advent of the Internet of Things (IoT) era, connected cars are becoming more ubiquitous than ever. According to the below visual from Arxan, an app protection company, 75% of all cars shipped globally will have internet connectivity by 2020.
Already, connected cars have more than 100 million lines of code. Connected features are designed to improve things like safety, fuel efficiency, and overall convenience, and are now often pre-built in standard models as consumer demands rise.
Specifically, these features range from Bluetooth, WiFi, cellular network connections, keyless entry systems, to deeper “cyberphysical” features like automated braking, and parking and lane assist.
With this increasing connectivity, however, comes the potential for malicious manipulation. Connected cars today have many attack points to exploit, from the OBD2 port used to connect third-party devices, to the software running on infotainment systems, one of the primary communication interfaces of a connected car.
According to Arxan, some of the more vulnerable attack points to look out for are mobile apps that unlock vehicles and start a vehicle remotely, diagnostic devices, and insurance dongles, including the ones insurance companies give to monitor and reward safe drivers.
These plug into the OBD2 port, but hackers could essentially access any embedded system in the car after lifting cryptographic keys, as Arxan’s page on application protection for connected cars describes.
Hacks are usually demonstrated in conferences like Black Hat. For example, in 2010, researchers of the University of Washington and the University of California San Diego hacked a car that had a variety of wireless capabilities.
The vulnerable attack points they targeted included its Bluetooth, the cellular radio, an Android app on the owner’s phone that was connected to the car’s network, and an audio file burned onto a CD in the car’s stereo.
Then, in 2013, hackers Charlie Miller and Chris Valasek hijacked the steering and brake systems of both a Ford Escape and Toyota Prius with only their laptops.
Steps to Staying Safe from Hacking:
According to the FBI and Department of Transportation in a public service announcement, it’s crucial that you adhere to the following in order to best protect yourself:
- Keep your vehicle’s software up to date
- Stay aware of recalls that require manual security patches to your car’s code
- Avoid unauthorized changes to your car’s software
- Use caution when plugging insecure devices into the car’s network
With the latest remote hack of a Tesla Model S, it seems that the response time between finding out about a breach and issuing a patch to correct it is thankfully getting shorter.
As more automotive companies become tech-oriented like Tesla, they will also need to cooperate with OEMs to make sure operating systems are designed securely. This will take either coordination or enough cash to bring such operations in-house, so time will tell.