Like anything else powered by software and perpetually tethered to the internet, connected cars are susceptible to cyberattacks.
With the help of electronic accessories and software techniques, a determined hacker can intercept or block your key fob signal, infiltrate your car’s software and even remotely control your vehicle.
So, is your connected car hackable? Here are the top threats you must watch out for, presented by our sponsor, CarShield.
Compromised car apps
Does your car have a smartphone app that allows you to unlock and start it remotely?
Almost every car manufacturer offers this convenience in specific makes and models. And it’s not just newer cars. You can also install aftermarket remote start kits to turn any vehicle into a connected one.
Account usernames and passwords protect these apps. If hackers can break into your account or exploit a bug in the car’s software, they can compromise your entire vehicle.
To protect your remote start app, change the default password, use strong and unique credentials and never reuse your passwords from other services. Enable two-factor authentication (2FA) whenever available, and always keep your app up-to-date.
Telematics is a connected system that can monitor your vehicle’s behavior remotely. This data may include your car’s location, speed, mileage, tire pressure, fuel use, braking, engine/battery status, driver behavior and more.
Anything connected to the internet is vulnerable to exploits, and telematics is no exception. If hackers manage to intercept your connection, they can track your vehicle and even control it remotely. Scary!
Before you get a car with built-in telematics, please consult with your car dealer about the cybersecurity measures they’re employing on connected vehicles. If you have a connected car, ensure its onboard software is always up-to-date.
Aside from taking over your car via telematics, hackers can also employ old-school denial-of-service attacks to overwhelm your vehicle and potentially shut down critical functions like airbags, anti-lock brakes and door locks.
This attack is feasible since some connected cars have built-in Wi-Fi hotspot capabilities. As with regular home Wi-Fi networks, they can even steal your data if they infiltrate your car’s local network.
Also, it’s a matter of physical safety. Remember, modern cars are run by multiple computers and Engine Control Modules (ECMs). If hackers can shut these systems down, they can put you in grave danger.
Changing your car’s onboard Wi-Fi network password regularly is a must. Turning off your car’s Bluetooth and Wi-Fi is also a good idea when not in use.
Onboard diagnostics (OBD) hacks
Did you know virtually every car has an onboard diagnostics (OBD) port? This interface allows mechanics to access your car’s data to read error codes, statistics and even program new keys.
Anyone can buy exploit kits that can utilize this port to replicate keys and program new ones to use them for stealing vehicles. Now, that’s something that you don’t want to be a victim of.
To protect yourself, always go to a reputable mechanic. Plus, a physical steering wheel lock can also help.
Another old-school internet hack is also making its way to connected cars, specifically models with internet connectivity and built-in web browsers.
Yep, it’s the old phishing scheme, and crooks can send you emails and messages with malicious links and attachments that can install malware on your car’s system.
As usual, anything’s possible once the malware is installed — ransomware, keyloggers, spying software. Worse yet, car systems don’t have built-in malware protections (yet), so this can be hard to spot.
To prevent malware intrusions, practice good computer safety practices even when connected to your car. Never open emails and messages nor follow links from unknown sources.
Key fob attacks
Aside from your onboard car computer system, crooks also rely on old-school key fob attacks to compromise your car, and it’s getting worse. With the proliferation of cheap electronics and relay gadgets that can be purchased easily over the internet, these types of attacks are mounting fast!
The relay hack
Always-on key fobs present a serious weakness in your car’s security. If your keys are in range, anyone can open the car, and the system will think it’s you. That’s why newer car models won’t unlock until the key fob is within one foot.
However, criminals can get relatively cheap relay boxes that capture key fob signals up to 300 feet away and transmit them to your car.
Here’s how this works. One thief stands near your car with a relay box while an accomplice scans your house with another. When your key fob signal is picked up, it is transmitted to the box closer to your car, prompting it to open.
In other words, your keys could be in your house, and criminals could walk up to your car and open it. This isn’t just a theory either; it’s actually happening.
In this scenario, the crooks will block your signal, so when you issue a lock command from your key fob, it won’t reach your car and your doors will remain unlocked. The crooks can then have free access to your vehicle.
To prevent this from happening to you, always manually check your car doors before stepping away. You can also install a steering wheel lock to deter thieves from stealing your car, even if they get inside.
How to stop key fob attacks
There are a few easy ways to block key fob attacks. You can buy a signal-blocking pouch that can hold your keys, like a shielded RFID-blocking pouch.
Stick it in the fridge …
If you don’t want to spend money, stick your key fob into the refrigerator or freezer. The multiple layers of metal will block your key fob’s signal. Just check with the fob’s manufacturer to ensure freezing your key fob won’t damage it.
… or even inside the microwave
If you’re not keen to freeze your key fob, you can do the same with your microwave oven. (Hint: Don’t turn it on.) Stick your key fob in there, and criminals won’t be able to pick up its signal. Like any seasoned criminal, they’ll move on to an easier target.
Wrap your key fob in foil
Since your key fob’s signal is blocked by metal, you can also wrap it up in aluminum foil. While that’s the easiest solution, it can also leak the signal if you don’t do it right. Plus, you might need to stock up on foil. You could also make a foil-lined box to put your keys in if you’re in a crafting mood.
Protect your wallet with CarShield
Starting at only $99 a month, CarShield offers customizable and flexible payment plans with no long-term contracts. CarShield has helped over 1 million customers. It’s America’s No. 1 auto protection company, for good reason.
If you have an extended warranty on your vehicle, you’re probably wondering how CarShield is different. Simply put, it picks up where your warranty drops off or fills gaps in coverage.
It’s also different from your auto insurance policy. In general, auto insurance covers collision or accidental damage to your vehicle. A CarShield service contract covers the mechanical parts of your car. Your engine, transmission and other vital parts are protected anytime they break down or malfunction.
Save even more for being a listener of Kim’s show! Call CarShield at 800-CAR-6000 and mention code KIM or visit CarShield.com/Kim and use code KIM to save 10%!