Cyberattack 411: Protecting your vehicle from hackers
New vehicles are packed full of the latest and greatest technology. Among their many capabilities, today’s vehicles can automatically apply brakes to avoid collisions, maintain a designated following distance behind the car ahead of it and maneuver the vehicle back into its lane if the driver veers out of it. Some cars can even drive and park themselves!
Additionally, in-car Wi-Fi and mobile hotspots allow passengers to connect their computers, tablets and smartphones to the internet from the convenience of the vehicle cabin. Bluetooth allows hands-free use of phones, and infotainment systems let people enjoy their favorite tunes, access apps, navigate and more.
These technological advances provide tremendous benefits for drivers and passengers, but much of this technology can also be used to launch cyberattacks on your vehicle.
“Modern cars are essentially rolling computers and, just as your laptop, smartphone or tablet can be hacked, so can these driving machines,” says Craig Smith, author of The Car Hacker’s Handbook and founder of the Open Garages vehicle research lab.
Millions of today’s vehicles possess vulnerabilities that leave them open to new age methods of theft that don’t require a key or Slim Jim or, worse, situations where drivers no longer have control over their vehicles while driving. Mercury Insurance, one of the nation’s leading auto insurance providers, recently connected with Smith to help keep drivers safe and shed some light on this growing problem.
According to Smith, there are several key vulnerable areas consumers should be aware of, including:
* On-board diagnostics-II (OBD-II) ports;
* Key fobs;
* Infotainment systems (including audio files that owners may have synced for in-car entertainment);
* In-car Wi-Fi;
* Mobile hotspots;
* Navigation systems;
* Smartphones (connected to cars via Bluetooth); and
* Tire pressure monitoring systems.
“There are many factors that go into determining a vehicle’s risk of being hacked,” says Smith, who has worked in the security industry for more than 20 years and with the auto industry for five. “Newer vehicles have what we call a higher ‘attack surface,’ meaning there are more areas that are hackable."
“If you are specifically concerned about remote hackers, as opposed to those who have physical access to your car, then look at the wireless systems your vehicle supports. If your vehicle has telematics, satellite or digital radio, internet, Bluetooth, or wireless key fobs, these wireless services can provide entry points for an attacker over varied distances. This is also true for aftermarket components added to your vehicles, such as dongles plugged into your vehicle to monitor your driving for insurance reasons.”
Local hackers can gain access to a car to unlock it and steal its contents or even start the ignition to steal the vehicle.
To protect against vehicle hacking, Smith recommends disabling wireless services that aren’t being used. Consumers should refer to the information their auto manufacturer provides on vehicle features, decide which ones are important and only enable those options. Those who wish to use a dongle in their vehicle should try to use it sparingly and take it with them when they leave their car.
“The key to protecting your vehicle if it’s deemed at-risk for hacking is to disable the components that have the most risk. For instance, if the radio unit is the culprit you can disable it or replace it,” says Smith. “And while newer vehicles tend to have a larger attack surface, they also have more safety features that can help minimize or avoid injury in a collision, so you should consider that as well.”
Mercury Insurance is helping consumers answer the question “How Hackable is Your Car?” with an infographic that shows the areas of a consumer’s specific vehicle that may be vulnerable to a cyberattack. Visit https://blog.mercuryinsurance.com/how-hackable-is-your-car to learn more.
“We continuously review the automotive marketplace, so we can provide consumers with important information about how to protect themselves, families and property, whether it’s about the dangers of distracted driving, teen driving safety or, now, vehicle hacking,” says Tom Coyne, auto line lead for Mercury Insurance. “And Mercury doesn’t use dongle technology because we don’t want to increase our customers’ risk of a cyberattack, which we think they appreciate.”