Imagine driving to work, minding your own business without a care in the world. You start to exit the off ramp when the engine suddenly seizes. You’re still rolling forward and slam into the car in front you. Sounds scary, right? Well, hackers are getting scarier every day — and cars may just be their next target.
We’ve reported on vulnerabilities of smart cars and GPS systems, but we never imagined how far hackers could take it. A lone hacker, who has admitted to breaching GPS tracking apps on hundreds cars, is claiming he knows how to remotely disable their engines. According to him, his technique not only grants him access to controls for the car, but also driver information from the apps like home addresses and phone numbers.
As cybersecurity threats continue to grow, hackers will test their boundaries even more to see what they can get away with. Having a hacker on our side, however, might be the key to stopping these bad actors.
How did a hacker gain control of these cars?
The hacker, who calls himself L&M, is unusual in the sense that he fights on the side of consumers. He’s what industry insiders call a “white hat” hacker, a cybercriminal who breaks into systems for the greater good. This means his exploits are done to test the limits of companies’ cybersecurity so he can tell them what they’re missing, along with how they can fix these holes to protect their customers.
L&M prefers to see what he is capable of rather than cause chaos with his computer mastery. In one of his recent projects, he sought to infiltrate a network of GPS tracking apps found in several prominent car manufacturers. Once inside, he found that more than 27,000 of these apps used “123456” as the default password for users.
Now that he had root access to a fundamental system of the car, he explained that these apps can interact with the engines — allowing them to be remotely shut down at his command. He also said any stopped car, or vehicle traveling 12 miles per hour or slower, could be affected by this exploit. This could potentially disrupt traffic on a global level if enough computer power was behind the hack.
Am I affected by this hack?
Apps the hacker was able to breach are iTrack and Protrack, which are found in multiple makes and models of car GPS systems. If you use either of these services you should have already received an email to reset your account password.
Doing so would add another step for hackers, they would need to crack your password first. If your password is not set to default, a hacker might think your car is not worth hacking and leave it alone.
If you have either of these services and haven’t received an email yet, now’s the time to reset your password for yourself — even if it’s just for peace of mind.
The biggest lesson to be learned from this scary episode is how dangerous leaving your password unchanged can be. Every cybersecurity expert recommends generating a complex password and changing it frequently.
Especially with how bold and clever hackers are getting, leaving your password to fate makes you a sitting duck for computer whizzes with bad intentions. Being prepared is the best defense against a cyber offense.