Don’t forget to update the software in.. your car!

  • 9
Car crash

Don’t forget to update the software in.. your car!

Seriously – that is the latest advice from the FBI – make sure your car’s software is up to date.

Working in IT, I see reams of good advice go to waste.

Make sure you patch your computer.

Don’t install software from dodgy websites.

Don’t open that zip file in your email that you got from some strange person you’ve never heard of!

Make sure you back up your computer – especially your really important files!

[One of my saddest days at work ever was trying to help a lady who had her entire thesis on one floppy disk that was now toast. Months of work – gone!]

But what’s this all about?

Hacking is one thing – but what if someone hacks your car?  While you’re in it!

It turns out that there have been some proven hacks of car computers while people were driving in them.

A security company purchased a 2014 Jeep Cherokee, and (over a period of several months) were able to attack it remotely.

They managed to connect in via the mobile network and were able to affect the following systems:

  • At low speeds (5-10 mph):
    • Engine shutdown
    • Disable brakes
    • Steering
  • At any speed:
    • Door locks
    • Turn signal
    • Tachometer
    • Pump up the radio volume, the bass, changing the channel
    • Setting the heating, ventilating and air conditioning fan to arbitrary speeds
    • Tracking the cars GPS coordinates

In this case, the company is friendly.  The attack resulted in a white paper being produced and a recall and update of the affected cars.  There are plenty of hacking examples where the results are not so friendly.

How to prevent this happening to your car

The FBI advises that you do the following:

  1. Ensure your vehicle software is up to date.
    As mentioned, I’m sceptical that software updates will happen regularly.
  2. Be careful when making any modifications to vehicle software.
    Another way to put this is.. I really hope that you trust your mechanic.
  3. Maintain awareness and exercise discretion when connecting third-party devices to your vehicle.
    This is a short way of saying that buying a cheap no-name car diagnostics instrument from the Internet may not give you the results you expected. They can also be used as a way to hack into your car.
  4. Be aware of who has physical access to your vehicle.
    As with all hacking, it is extremely difficult to prevent hacking if someone has direct access to the computer. The trouble is, it is not that hard to get direct access to someone’s car.  If you really wanted to do it, a short distraction at a petrol station (for example) is all that’s needed.

Overall, it looks like if you really wanted to hack a car (and had a known vulnerability that you could exploit), it would be difficult to stop.

The ultimate prevention against hacking

So how do you really fix the problem?

Go vintage and get rid of the damn computer!

Old car - no on board computer here

Try hacking this, sucker!

References

Acknowledgements

About the author

Leon Troeth is a Melbourne-based freelance technology copywriter.  Leon loves turning complex tech jargon and concepts into articles that everyone can understand.

P.S. – If you liked the article, please share it using the share buttons below!


9 Comments

Roland Storti

24/03/2016 at 5:33 pm

The info you’ve shared is of great value. Thanks!

    Leon Troeth

    24/03/2016 at 10:35 pm

    Thanks Roland!

Hamish McLean

25/03/2016 at 4:04 pm

Don’t think my 2015 Mazda CX-5 will need patching as it won’t connect to my iPhone any way – never has and still waiting for Mazda to come out up with a fix

    Hamish McLean

    14/08/2016 at 10:56 am

    Mazda have finally released updated software and, if necessary, a new module.
    Seems I can now connect to my iPhone after owning the vehicle for over 12 months without being able to.

      Leon Troeth

      17/08/2016 at 8:51 am

      Isn’t it great that something so basic takes so long to get fixed!

Charles Wilkinson

29/03/2016 at 4:07 pm

Scary stuff to learn that critical systems for operating the car are part of the same system that can be connected to remotely

But yeah, even physical access is possible and important. My best thought is to install hashes in the car key for the car’s system to check integrity every time you start the car.

Joanna Nelson

29/03/2016 at 5:11 pm

Yes I recall recently ringing my mechanic to find out if my car was ready for pickup only to be informed that it was in the process of patching the software…….. I had visions of my car being hacked ..

Leon Troeth

29/03/2016 at 8:12 pm

Better still.. now we have the chance to take our cars in for a service, have some buggy update installed and drive it home worse than when it was taken in. We’ll have to start checking out the car software release schedule to see when it’s safe!

Peter Moulding

29/03/2016 at 9:16 pm

Wait for service pack 2

Leave a Reply

4 × 1 =