Hacking High Tech Cars
Hackers Infiltrating Cars Since 2010
Cristal M Clark
If you are anything like me, you love new tech, especially if we can access it hands free in our motorized transports. Let’s face it, technology makes our everyday lives easier. A new standard for new cars is to develop them and sell them full of modern technology which comes with a lot of risk because it actually gives cybercriminals endless ways to access the vehicle and take over your car.
Cybersecurity firm IntSights recently released, “Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features,” which just so happens to be a study on how hackers are managing to get into cars and do a decent amount of damage.
What’s worse is that they have been doing just that since roughly 2010.
The report states; “The pressure to deliver products as fast as possible puts a big strain on vehicle security capabilities, manufacturing facilities, and automotive data. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought.”
That’s right, apparently originally no one actually took the threat as seriously as they should have. You see back in the day, cars were considered way, way, waaaay too difficult to hack into and not worth the amount of time and energy required.
Welcome to 2019, where people are struggling worldwide, where you get paid more to break laws, as cars have added things like Wi-Fi, GPS, and other features, the amount of ways to attack have increased. The average car now includes thousands of pieces of hardware as well as millions of lines of code, giving cybercriminals ample opportunity to test their methods.
“IntSights discovered easy-fo-find online shops that sell car hacking tools on the clear web. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.”
And some of you think puffer laws are here to protect us, these days you don’t even need to leave your car running unattended for it to be stolen, all thanks to modern technology.
The IntSights report also pointed out that most car hacking tools can in fact, be found on websites or forums like Omerta.cc, Sindikat, Nulled.to, Carmasters.org, Autoteamsforums.ru, ffffff.ru, and Dublikat, which provide a wealth of information, tools, code grabbers, and tutorials. There are also a bevy of Russian sites offering help like forum.grabbs.org, Migalki.pw, and Chipadla.ru. IntSights went onto say that the most popular method involves attacking a car’s CAN protocol, which can give a hacker full access to all of the vehicle’s functions.
“The biggest challenge for hackers attempting to exploit remote access points is the required proximity to do so. Attacking a moving car can be near impossible if the hacker needs to physically connect to it. However, there are ways to bypass this problem: Attacking a car via a cellular network, breaking into its Wi-Fi access points, or breaking in via the manufacturer’s backend system, to which many modern cars are connected.”
Hackers could gain access through car companies too, because those companies now communicate with vehicles through applications that send information to them. If there is a breach of the car company’s servers, like we see in the news for pretty much any company these days, a cybercriminal could easily access the information shared between the company servers and the vehicle’s brain.
Hackers have also been able to load malware onto a car owner’s phone, through phishing campaigns or fake apps, and infect vehicles that way. Cybercriminals have even had success manipulating cellular networks through built in SIM cards, which car companies use to extract real-time information and update firmware.
If you think that is bad, think again because cybercriminals have also been able to attack a car’s Remote Keyless System, which allows owners to open and start their vehicle without a key. The key fob technology used for this system is decades old and is considered tough to crack, but a new generation of code grabbers has allowed car thieves to either outright mimic the signals or intercept them.
While all of this seems like an unimaginable nightmare, I can assure you that it is not. Like it or not, if you are connected with your car, refrigerator, coffee maker, security system, pretty much anything these days, you are at risk of being hacked.
Cristal M Clark