Don’t forget to update the software in.. your car!

Seriously – that is the latest advice from the FBI – make sure your car’s software is up to date.

Working in IT, I see reams of good advice go to waste.

Make sure you patch your computer.

Don’t install software from dodgy websites.

Don’t open that zip file in your email that you got from some strange person you’ve never heard of!

Make sure you back up your computer – especially your really important files!

[One of my saddest days at work ever was trying to help a lady who had her entire thesis on one floppy disk that was now toast. Months of work – gone!]

But what’s this all about?

Hacking is one thing – but what if someone hacks your car?  While you’re in it!

It turns out that there have been some proven hacks of car computers while people were driving in them.

A security company purchased a 2014 Jeep Cherokee, and (over a period of several months) were able to attack it remotely.

They managed to connect in via the mobile network and were able to affect the following systems:

• At low speeds (5-10 mph):
  • Engine shutdown
  • Disable brakes
  • Steering
• At any speed:
  • Door locks
  • Turn signal
  • Tachometer
  • Pump up the radio volume, the bass, changing the channel
  • Setting the heating, ventilating and air conditioning fan to arbitrary speeds
  • Tracking the cars GPS coordinates

In this case, the company is friendly.  The attack resulted in a white paper being produced and a recall and update of the affected cars.  There are plenty of hacking examples where the results are not so friendly.

How to prevent this happening to your car

The FBI advises that you do the following:

1. Ensure your vehicle software is up to date.
   As mentioned, I’m sceptical that software updates will happen regularly.
2. Be careful when making any modifications to vehicle software.
   Another way to put this is.. I really hope that you trust your mechanic.
3. Maintain awareness and exercise discretion when connecting third-party devices to your vehicle.
   This is a short way of saying that buying a cheap no-name car diagnostics instrument from the Internet may not give you the results you expected. They can also be used as a way to hack into your car.
4. Be aware of who has physical access to your vehicle.
   As with all hacking, it is extremely difficult to prevent hacking if someone has direct access to the computer. The trouble is, it is not that hard to get direct access to someone’s car.  If you really wanted to do it, a short distraction at a petrol station (for example) is all that’s needed.

Overall, it looks like if you really wanted to hack a car (and had a known vulnerability that you could exploit), it would be difficult to stop.

The ultimate prevention against hacking

So how do you really fix the problem?

Go vintage and get rid of the damn computer!

Try hacking this, sucker!

References

• Remote Exploitation of an Unaltered Passenger Vehicle by Chris Valasek and Charlie Miller, 2015. This is a fun read and well worth the effort. I’ve never been much of a car person, but now that there is programming involved, that may change!
• FBI alert number I-031716-PSA – Motor Vehicles Increasingly Vulnerable to Remote Exploits. Dated 17^th March, 2016.

Acknowledgements

• Car crash photo by Jason Conlon
• Car rear photo by Ryan McGuire

About the author

Leon Troeth is a Melbourne-based freelance technology copywriter.  Leon loves turning complex tech jargon and concepts into articles that everyone can understand.

P.S. – If you liked the article, please share it using the share buttons below!