Like anything else powered by software and perpetually tethered to the internet, connected cars are susceptible to cyberattacks.
With the help of electronic accessories and software techniques, a determined hacker can intercept or block your keyfob signal, infiltrate your car’s software and even remotely control your car.
So, is your connected car hackable? Here are the top threats that you need to watch out for, presented by our sponsor, CarShield.
Compromised car apps
Does your car come with its own smartphone app that allows you to unlock and start it remotely?
Almost every car manufacturer offers this convenience in certain makes and models. And it’s not just newer cars. You can also install aftermarket remote start kits to turn any car into a connected one.
Account usernames and passwords protect these apps. If a hacker can break into your account or exploit a bug in the car’s software, they can compromise your entire vehicle.
To protect your remote start app, change the default password, use strong and unique credentials and never reuse your passwords from other services. Enable two-factor authentication (2FA) whenever available and always keep your app up-to-date.
Telematics is a connected system that can monitor your vehicle’s behavior remotely. This data may include your car’s location, speed, mileage, tire pressure, fuel use, braking, engine/battery status, driver behavior and more.
Anything that’s connected to the internet is vulnerable to exploits, and telematics is no exception. If hackers manage to intercept your connection, they can track your vehicle and even control it remotely. Scary!
Before you get a car with built-in telematics, consult with your car dealer about the cybersecurity measures they’re employing on connected cars. If you do have a connected car, make sure its onboard software is always up-to-date.
Aside from taking over your car via telematics, hackers can also employ old-school denial-of-service attacks to overwhelm your car and potentially shut down critical functions like airbags, anti-lock brakes and door locks.
Since some connected cars even have built-in Wi-Fi hotspot capabilities, this attack is completely feasible. As with regular home Wi-Fi networks, they can even steal your personal data if they manage to infiltrate your car’s local network.
Also, it’s a matter of physical safety. Remember, modern cars are basically run by multiple computers and Engine Control Modules (ECMs). If hackers can shut these systems down, they can put you in grave danger.
Changing your car’s onboard Wi-Fi network’s password regularly is a must. Turning off your car’s Bluetooth and Wi-Fi when not in use is also a good idea.
Onboard diagnostics (OBD) hacks
Did you know that virtually every car has an onboard diagnostics (OBD) port? This interface allows mechanics to access your car’s data to read error codes, statistics, and even program new keys.
Anyone can buy exploit kits that can utilize this port to replicate keys and program new ones to use them for stealing vehicles. Now, that’s something that you don’t want to be a victim of.
To protect yourself, always go to a reputable mechanic. Plus, a physical steering wheel lock can also help.
Another old-school internet hack is also making its way to connected cars, specifically models with internet connectivity and built-in web browsers.
Yep, it’s the old phishing scheme and crooks can send you emails and messages with malicious links and attachments that can install malware on your car’s system.
As usual, once malware is installed, anything’s possible — ransomware, keyloggers, spying software. Worse yet, car systems don’t have built-in malware protections (yet), so this can be hard to spot.
To prevent malware intrusions, practice good computer safety practices even when connected to your car. Never open emails and messages nor follow links from unknown sources.
Aside from your onboard car computer system, crooks are also relying on old-school key-fob attacks to compromise your car and it’s getting worse. With the proliferation of cheap electronics and relay gadgets that can be purchased easily over the internet, these types of attacks are mounting fast!
The relay hack
Always-on key fobs present a serious weakness in your car’s security. As long as your keys are in range, anyone can open the car and the system will think it’s you. That’s why newer car models won’t unlock until the key fob is within one foot.
However, criminals can get relatively cheap relay boxes that capture key fob signals up to 300 feet away, and then transmit them to your car.
Here’s how this works. One thief stands near your car with a relay box while an accomplice scans your house with another one. When your key fob signal is picked up, it is transmitted to the box that’s closer to your car, prompting it to open.
In other words, your keys could be in your house, and criminals could walk up to your car and open it. This isn’t just a theory either; it’s actually happening.
In this scenario, the crooks will block your signal, so when you issue a lock command from your key fob, it won’t actually reach your car and your doors will remain unlocked. The crooks can then have free access to your vehicle.
To prevent this from happening to you, always manually check your car doors before stepping away. You can also install a steering wheel lock to prevent car thieves from stealing your car even if they do get inside.
How to stop key-fob attacks
There are a few easy ways to block key-fob attacks. You can buy a signal-blocking pouch that can hold your keys, like a shielded RFID-blocking pouch.
Stick it in the fridge …
If you don’t want to spend any money, you can stick your key fob into the refrigerator or freezer. The multiple layers of metal will block your key fob’s signal. Just check with the fob’s manufacturer to make sure freezing your key fob won’t damage it.
… or even inside the microwave
If you’re not keen to freeze your key fob, you can do the same thing with your microwave oven. (Hint: Don’t turn it on.) Stick your key fob in there, and criminals won’t be able to pick up its signal. Like any seasoned criminal, they’ll move on to an easier target.
Wrap your key fob in foil
Since your key fob’s signal is blocked by metal, you can also wrap it up in aluminum foil. While that’s the easiest solution, it can also leak the signal if you don’t do it right. Plus, you might need to stock up on foil. You could also make a foil-lined box to put your keys in if you’re in a crafting mood.
Protect your wallet with CarShield
The holidays are almost here, and none of us can afford expensive car repairs. Starting at only $99 a month, CarShield offers customizable and flexible payment plans with no long-term contracts. CarShield has helped over 1 million customers. It’s America’s No. 1 auto protection company, for good reason.
If you have an extended warranty on your vehicle, you’re probably wondering how CarShield is different. Simply put, it picks up where your warranty drops off or to fill gaps in coverage.
It’s also different from your auto insurance policy. In general, auto insurance covers collision or accidental damage to your vehicle. A CarShield service contract covers the mechanical parts of your vehicle. Your engine, transmission and other vital parts are protected anytime they break down or malfunction.
Save even more for being a listener of Kim’s show! Call CarShield at 800-CAR-6000 and mention code KIM or visit CarShield.com/Kim and use code KIM to save 10%!