Don’t forget to update the software in.. your car!
Category : technology
Seriously – that is the latest advice from the FBI – make sure your car’s software is up to date.
Working in IT, I see reams of good advice go to waste.
Make sure you patch your computer.
Don’t install software from dodgy websites.
Don’t open that zip file in your email that you got from some strange person you’ve never heard of!
Make sure you back up your computer – especially your really important files!
[One of my saddest days at work ever was trying to help a lady who had her entire thesis on one floppy disk that was now toast. Months of work – gone!]
But what’s this all about?
Hacking is one thing – but what if someone hacks your car? While you’re in it!
It turns out that there have been some proven hacks of car computers while people were driving in them.
A security company purchased a 2014 Jeep Cherokee, and (over a period of several months) were able to attack it remotely.
They managed to connect in via the mobile network and were able to affect the following systems:
- At low speeds (5-10 mph):
- Engine shutdown
- Disable brakes
- Steering
- At any speed:
- Door locks
- Turn signal
- Tachometer
- Pump up the radio volume, the bass, changing the channel
- Setting the heating, ventilating and air conditioning fan to arbitrary speeds
- Tracking the cars GPS coordinates
In this case, the company is friendly. The attack resulted in a white paper being produced and a recall and update of the affected cars. There are plenty of hacking examples where the results are not so friendly.
How to prevent this happening to your car
The FBI advises that you do the following:
- Ensure your vehicle software is up to date.
As mentioned, I’m sceptical that software updates will happen regularly. - Be careful when making any modifications to vehicle software.
Another way to put this is.. I really hope that you trust your mechanic. - Maintain awareness and exercise discretion when connecting third-party devices to your vehicle.
This is a short way of saying that buying a cheap no-name car diagnostics instrument from the Internet may not give you the results you expected. They can also be used as a way to hack into your car. - Be aware of who has physical access to your vehicle.
As with all hacking, it is extremely difficult to prevent hacking if someone has direct access to the computer. The trouble is, it is not that hard to get direct access to someone’s car. If you really wanted to do it, a short distraction at a petrol station (for example) is all that’s needed.
Overall, it looks like if you really wanted to hack a car (and had a known vulnerability that you could exploit), it would be difficult to stop.
The ultimate prevention against hacking
So how do you really fix the problem?
Go vintage and get rid of the damn computer!

Try hacking this, sucker!
References
- Remote Exploitation of an Unaltered Passenger Vehicle by Chris Valasek and Charlie Miller, 2015. This is a fun read and well worth the effort. I’ve never been much of a car person, but now that there is programming involved, that may change!
- FBI alert number I-031716-PSA – Motor Vehicles Increasingly Vulnerable to Remote Exploits. Dated 17th March, 2016.
Acknowledgements
- Car crash photo by Jason Conlon
- Car rear photo by Ryan McGuire
About the author
Leon Troeth is a Melbourne-based freelance technology copywriter. Leon loves turning complex tech jargon and concepts into articles that everyone can understand.
P.S. – If you liked the article, please share it using the share buttons below!
9 Comments
Roland Storti
24/03/2016 at 5:33 pmThe info you’ve shared is of great value. Thanks!
Leon Troeth
24/03/2016 at 10:35 pmThanks Roland!
Hamish McLean
25/03/2016 at 4:04 pmDon’t think my 2015 Mazda CX-5 will need patching as it won’t connect to my iPhone any way – never has and still waiting for Mazda to come out up with a fix
Hamish McLean
14/08/2016 at 10:56 amMazda have finally released updated software and, if necessary, a new module.
Seems I can now connect to my iPhone after owning the vehicle for over 12 months without being able to.
Leon Troeth
17/08/2016 at 8:51 amIsn’t it great that something so basic takes so long to get fixed!
Charles Wilkinson
29/03/2016 at 4:07 pmScary stuff to learn that critical systems for operating the car are part of the same system that can be connected to remotely
But yeah, even physical access is possible and important. My best thought is to install hashes in the car key for the car’s system to check integrity every time you start the car.
Joanna Nelson
29/03/2016 at 5:11 pmYes I recall recently ringing my mechanic to find out if my car was ready for pickup only to be informed that it was in the process of patching the software…….. I had visions of my car being hacked ..
Leon Troeth
29/03/2016 at 8:12 pmBetter still.. now we have the chance to take our cars in for a service, have some buggy update installed and drive it home worse than when it was taken in. We’ll have to start checking out the car software release schedule to see when it’s safe!
Peter Moulding
29/03/2016 at 9:16 pmWait for service pack 2