The gifts of modern technology give us unprecedented convenience. We tend to welcome technological progress with open arms, but it will always come at a price. You’ve heard about the connected “smart home” right? But how about the connected car?
Similar to anything that’s powered by software and is perpetually tethered to the internet, connected cars are susceptible to cyberattacks. And this increasing number of connected cars on the road has led to a new kind of danger: car software hacks.
Now, with the help aid of electronic accessories and software techniques, a determined hacker can intercept or block your keyfob signal, infiltrate your car’s software and even remotely control your car. This is definitely an emerging threat!
To fight this growing danger and prevent your connected car from becoming a car hacking statistic itself, awareness is definitely the key.
So is your connected car hackable? Here are the top car threats that you need to watch out for.
Compromised car apps
Does your car come with its own smartphone app that allows you to unlock and start it remotely?
Almost every car manufacturer offers this convenience in certain makes and models. And it’s not just newer cars, you can also install aftermarket remote start kits (Viper, Python, DroneMobile, etc.) to turn any car into a connected one.
But as always, these apps are protected by account usernames and passwords. If a hacker can break into your account or exploit a bug in the car’s software, they can compromise your entire vehicle.
To protect your remote start app, change the default password and always use strong and unique credentials (never reuse your passwords from other services). Enable two-factor authentication (2FA) whenever available and always keep your app up-to-date.
One of the current buzzwords for connected cars is something called telematics. What is telematics? Simply put, it’s a connected system that can monitor your vehicle’s behavior remotely. This data may include your car’s location, speed, mileage, tire pressure, fuel use, braking, engine/battery status, driver behavior and more.
But as usual, anything that’s connected to the internet is vulnerable to exploits, and telematics is no exception. If hackers manage to intercept your connection, they can track your vehicle and even control it remotely. Quite scary!
Before you get a car with built-in telematics, consult with your car dealer about the cybersecurity measures they’re employing on connected cars. If you do have a connected car, make sure its onboard software is always up-to-date.
Aside from taking over your car via telematics, hackers can also employ old-school denial-of-service attacks to overwhelm your car and potentially shut down critical functions like airbags, anti-lock brakes and door locks.
Since some connected cars even have built-in Wi-Fi hotspot capabilities, this attack is completely feasible. As with regular home Wi-Fi networks, they can even steal your personal data if they manage to infiltrate your car’s local network.
Also, it’s a matter of physical safety. Remember, modern cars are basically run by multiple computers and Engine Control Modules (ECMs). If hackers can shut these systems down, they can put you in grave danger.
Changing your car’s onboard Wi-Fi network’s password regularly is a must. Turning off your car’s Bluetooth and Wi-Fi when not in use is also a good idea.
Onboard diagnostics (OBD) hacks
Did you know that virtually every car has an onboard diagnostics (OBD) port? This is an interface that allows mechanics to access your car’s data to read error codes, statistics and even program new keys.
It turns out, anyone can buy exploit kits that can utilize this port to replicate keys and program new ones to use them for stealing vehicles. Now, that’s something that you don’t want to be a victim of.
To protect yourself, always go to a reputable mechanic. Plus, a physical steering wheel lock can also help.
Another old-school internet hack is also making its way to connected cars, specifically models with internet connectivity and built-in web browsers.
Yep, it’s the old phishing scheme and crooks can send you emails and messages with malicious links and attachments that can install malware on your car’s system.
As usual, once malware is installed, anything’s possible – ransomware, keyloggers, spying software. Worse yet, car systems don’t have built-in malware protections (yet), so this can be hard to spot.
To prevent malware intrusions, practice good computer safety practices even when connected to your car. Never open emails and messages nor follow links from unknown sources.
Aside from your onboard car computer system, crooks are also relying on old-school key-fob attacks to compromise your car and it’s getting worse. With the proliferation of cheap electronics and relay gadgets that can be purchased easily over the internet, these types of attacks are mounting fast!
The relay hack
Always-on key fobs present a serious weakness in your car’s security. As long as your keys are in range, anyone can open the car and the system will think it’s you. That’s why newer car models won’t unlock until the key fob is within a foot.
However, criminals can get relatively cheap relay boxes that capture key fob signals up to 300 feet away, and then transmit them to your car.
Here’s how this works. One thief stands near your car with a relay box while an accomplice scans your house with another one. When your key fob signal is picked up, it is transmitted to the box that’s closer to your car, prompting it to open.
In other words, your keys could be in your house, and criminals could walk up to your car and open it. This isn’t just a theory either; it’s actually happening.
In this scenario, the crooks will block your signal so when you issue a lock command from your key fob, it won’t actually reach your car and your doors will remain unlocked. The crooks can then have free access to your vehicle.
To prevent this from happening to you, always manually check your car doors before stepping away. You can also install a steering wheel lock to prevent car thieves from stealing your car even if they do get inside.
How to stop key-fob attacks
There are a few easy ways to block key-fob attacks. You can buy a signal-blocking pouch that can hold your keys, like a shielded RFID-blocking pouch.
Stick it in the fridge…
If you don’t want to spend any money, you can stick your key fob into the refrigerator or freezer. The multiple layers of metal will block your key fob’s signal. Just check with the fob’s manufacturer to make sure freezing your key fob won’t damage it.
…or even inside the microwave
If you’re not keen to freeze your key fob, you can do the same thing with your microwave oven. (Hint: Don’t turn it on.) Stick your key fob in there, and criminals won’t be able to pick up its signal. Like any seasoned criminal, they’ll just move on to an easier target.
Wrap your key fob in foil
Since your key fob’s signal is blocked by metal, you can also wrap it up in aluminum foil. While that’s the easiest solution, it can also leak the signal if you don’t do it right. Plus, you might need to stock up on foil. You could also make a foil-lined box to put your keys in, if you’re in a crafting mood.