Like being burgled, hacking your car is an abstract worry. Well, until it happens to you. We hear lots of bad things out there on the news and think to ourselves, “Wow, that’s a shame,” and then go on with our lives. It’s not until a car crash, mugging or fire hits close to home that it becomes real to us. We can now add car hacking to that list.
According to a recent article in Consumer Reports (CR), like life’s other misfortunes, it’s only a matter of time until you or someone close to you is the victim of car hacking. Think of it this way: Coming soon to a car near you, a ransomware attack.
In the summer of 2015, FCA (Fiat Chrysler Automobiles) recalled 1.4 million vehicles with its Uconnect 8.4 infotainment system after a pair of hackers wrestled control of a Jeep Cherokee from the driver using only a laptop and the internet. The driver was a willing participant in the demonstration, but it still forced the issue that the recalled vehicles were susceptible to hacking. It was the first-ever US hacking safety recall. It was a wake-up call for the entire auto industry in general, and a very expensive lesson for FCA in particular.
We’ve all heard the term “soft target.” It’s an unsecured or lightly secured target offering easy access. To hackers, that’s your car. Once upon a time, computers played no part in our automobiles. Then, little by little, more operating systems were computerized. According to CR, as carmakers surrendered more and more functions to processors, they paid only passing attention to security. Then they opened paths from cars to the internet, which we know as “being connected.” Hacking Your Car 101: If you can connect to the internet, a hacker can connect to you.
Today’s new cars are more computer than anything else. CR points out that in addition to infotainment systems being connected to the internet, there are flawed software phone apps, unprotected key fobs and several other entry points for hackers. Every wireless interface is vulnerable.
The Criminal Mind
Legend has it that when notorious stick-up man Willie Sutton was asked why he robbed banks, he quipped, “That’s where the money is.” Although hackers are mostly romanticized on TV and in movies as they crack this code or find a backdoor into that server, in reality, they’re criminals. And, like Willie Sutton, a hacker is going to go after the low-hanging fruit.
Program a way to install malware into the operating systems of 100,000 cars, or maybe 1.4 million of them, and an enterprising hacker is on his or her way. How much would you need to extort from one million drivers to allow them to start their cars to make the entire exercise worthwhile?
What it means to you: No point lying awake at night fretting about someone hacking your car. There’s not much you can really do about it. It’s a problem to be solved by carmakers and their technology suppliers, but be aware that the threat is real.