Beware of the car hackers

Posted on August 17th, 2015 by Rob Marshall


While the apparent obsession, to advance developments of not only autonomous cars but also the Internet of Things, could make our lives easier (or lazier), it introduces security holes that will have more serious ramifications.

While I am not a Luddite, I remain suspicious of ‘new technology‘. I welcome the opportunity to turn off my pre-set oven wirelessly, for example, should I get stuck in a traffic jam during my evening commute (after pulling into a service station, of course). Yet, it is possible for hackers to wreak mischief and reduce my signature dish of pie and peas to ash. More worryingly, could the government take over my kitchen, to either delay, or turn down, connected appliances, should an electricity shortage strike?

Vehicles present more worrying challenges, especially as more than 60% of new cars are expected to be Internet-savvy by next year. The recent wireless hacking of a fairly new Jeep in North America (plus a Tesla) means that burglars no longer have to exact physical violence in order to gain entry. It also demonstrates that a hacker could control the vehicle to drive into a target, without leaving the comfort of his, or her, sofa.

Keyless entry a back-step?
Today, theft of an unoccupied vehicle poses a bigger risk. While advanced car security systems are encouraging thieves to break into houses for the keys, so-called technological advances have made their lives easier. With the simple key being replaced by fobs, crooks are finding ways to detect, copy and replicate their security signals, to fool the car into thinking that they are the owners.

Reports state that Scotland Yard has found that commercial vehicles, including Ford’s Transit and Mercedes-Benz’s Sprinter, are the most favoured targets, followed by higher value premium cars. Late-model BMWs and Land Rovers combined make 25% of the total thefts. However, it is possible that the world-wide attractiveness of these models, whether as complete vehicles, or parts, is the reason for their desirability to the criminal fraternity, rather than those manufacturers alone having specific security flaws.

We have also heard of certain cars being accessed by breaking the windows and thieves obtaining security information, via the on-board diagnostics (OBD) port, to start the engine. As an example to confuse and dissuade thieves, some enterprising enthusiasts of Ford’s high performance Focus ST range have found ways to relocate their models’ OBD ports.

What you can do
Last year, the UK’s Society of Motor Manufacturers and Traders (SMMT) admitted that this was an industry-wide problem and manufacturers were constantly updating software in an attempt to stay ahead of the game. Therefore, contacting your vehicle manufacturer, for any latest security updates, is a prudent move, especially if your car possesses a keyless entry fob.

While I shall be researching this issue in greater depth in the future, it seems as though old-fashioned approaches will help reduce the risk of a keyless entry-equipped car being stolen. These include taking extra care, when choosing a location in which to park, and fitting physical security features, such as steering wheel/gearstick locks.

Meanwhile, there appears to be nothing that we can do to stop hackers from taking control of the vehicle, when it is moving. Although manufacturers must develop continuous improvements to their security systems, attempts to withhold information and data to the aftermarket repairers are likely to breach anti-monopoly legislation, which would not be in the consumers’ best interests. It is a tricky balance.

However, security concerns must be addressed, as the motorcar becomes ever-more autonomous. Our safety depends on it.