Smart cars and security: Are you the only one behind the brakes?
Tue 29 Mar 2016
Technology is making our lives faster and easier. At least, that’s what we’re being sold. New features offer conveniences never before known, such as assistance driving and car diagnostics, allowing the vehicle to let you know when something has failed – or when it’s time to see a specialist to get things fixed.
Some of these facilities are very useful, such as correcting for engine knock (and allowing the use of lower octane fuel in cars that would otherwise require more expensive gas). Some newer models even have built-in WiFi connections, communicating automatically with the internet to keep track of valuable statistics, and letting you save on data by offering connectivity for your devices. No doubt their data is useful to manufacturers and mechanics as well.
Unfortunately, those features come with more than a financial cost: being connected to the internet increases the chance of a security breach occurring. But what exactly does a security breach mean for us, and what can we do about it?
Automatic brake check?
While there have been very few incidents so far, there have been hacks made on vehicles. Chrysler demonstrated (in a controlled environment) that their Jeep Cherokee could be hacked. According to the report by the hackers in question, Charlie Miller and Chris Valasek, they were able to gain control first of the radio and, through some clever tricks, eventually the entire car. Worse yet, they could have done this with not just one, but all cars using the same network. They were able to control the brakes, the acceleration, the steering wheel—anything that was hooked up to the car’s computer system (which, it turns out, was everything).
The Jeep Chrysler was ultimately recalled last year, but this problem highlighted just how dangerous a hack could be in the real world for vehicle owners – a single security breach could threaten thousands of lives in just moments.
The problems were many: the vehicle’s password couldn’t be set or changed (it was automatically generated), and there was no verification needed to update the vehicle’s firmware. But regardless of which factor was the ‘key’, it wouldn’t be possible had the car not been online. If you do decide to go with a smart car that has internet connectivity, enquire carefully about its safety, examine relevant notices from the company and require that it provides some kind of proof about its safety, since recalls won’t save you if the damage has already been done – especially if that damage is fatal.
If you already have a smart car, your approach needs to be slightly different.
Updates to your car’s software and hardware are not as easily acquired as those found on your home computer or on mobile devices. Most firmware updates will require a visit to the dealer and must be specifically requested. It’s a good excuse to have your car looked at anyway, so don’t neglect it.
To save yourself extra trips, call in every now and then to find out if there even is an update to install. It’s probably not worth obsessing over, but a check in once every few months is worth the short call. Performing a search on your car might also provide similar results, and there are even websites that list vulnerable cars.
Protect your car from your devices
If you have WiFi connectivity in your car and you’re hooking up phones, laptops, tablets, etc., you’ll need to protect those devices; a compromised device on the network could become the Trojan horse that ultimately invades your ride.
Be sure to use current anti-virus software, even on your phone. Anti-virus apps can usually be acquired for free. A few options include Avast and Panda, but there are bound to be others out there, so pick your favorite. The premium versions offer some cool features, but they’re not usually necessary.
Your mobile devices probably connect to unsecured networks regularly without you even knowing (any publicly accessible WiFi is by definition unsafe). If you decide to use a Virtual Private Network (VPN), however, that risk mostly disappears. Connecting to a VPN usually encrypts your connection, preventing hackers from finding and infiltrating your device.
Your phone also should receive firmware updates in the same way your car would, only without the trouble of visiting a dealership. Install newer versions that fix security vulnerabilities in your system. If support is discontinued for your phone, it may be time to get a new one, since old software versions are frequently the target of exploits and hacks.
If your car has Bluetooth, it’s worth disabling it when not in use. While risks will predominantly come from the internet, that doesn’t stop Bluetooth from being used to piggyback devices already paired with your car.
When all else fails and you just can’t shake that uncertainty, the option still exists to simply buy a less-connected, traditional vehicle. Regular cars, often considerably cheaper, may lack a lot of the cooler features such as backup assistance and built-in GPS, to name a few, but those features can sometimes be added after market anyway.
Whichever way you choose to go, remember that knowledge is power. Understanding the risks and benefits associated with your ride can make a huge difference in your purchasing power. And if things continue the way they’re going (with increasingly more cars going “smart”), knowing what’s good and what’s not could save your life.
While we may be talking about the vulnerability of smart cars today, be sure to check out the next logical step in our article about driverless cars replacing the traffic light system.
About the Author: Cassie Phillips is an author for Secure Thoughts that focuses on information security and technology. Through the advocacy of security services such as VPNs and by promoting safe practices, she hopes to improve the lives of smart technology users and internet enthusiasts.