With the amount of smart technology that automobiles come equipped with these days, the idea of car hacking is not science fiction anymore. Car buyers worry in increasing numbers about the safety of passengers and wonder what they can do to safeguard themselves.
In 2015, two cybersecurity researchers exposed the real threat hackers pose to vehicles connected to the world through the Internet. Charlie Miller and Chris Valasek hacked into a 2014 Jeep Cherokee, and from a mile away, Valasek "turned the steering wheel, briefly disabled the brakes and shut down the engine."
The hack prompted Fiat Chrysler to recall 1.4 million vehicles, including its Jeep Cherokee, to install patches to the UConnect dashboards and entertainment operating systems (OS). Miller and Valasek had used vulnerabilities in the OS as the entry point to cripple critical functions on the Cherokee. This particular OS is common to Dodge, Jeep and Fiat Chrysler vehicles.
The cars rolling off assembly lines now have an average of 25 to 50 interconnected computersintertwined throughout them. The systems manage everything from music and temperature to steering and brakes. The wireless UConnect OS referenced above was particularly vulnerable through its entertainment functionality.
In a vehicle, the entertainment system must connect to the outside world to receive satellite radio signals, stream content and convey mobile phone conversations. The channel is like an open sluiceway to the central nervous system of the car, called the controller area network, or CAN bus. The CAN enables the various components of the car to talk to each other. The greater complexity of cars rolling off assembly lines, particularly in regard to installed entertainment systems, makes them much more vulnerable than models built before 2010.
Gartner, a technology market research company, predicts that approximately 250 million vehicles will directly connect to the Internet by 2020. With numbers like that on the horizon, auto makers are aware of the huge liabilities they face should any of their vehicles succumb to a hack that causes passenger injuries or property damage.
In 2015, auto industry companies created the Automotive Information Sharing and Analysis Center to exchange information about cybersecurity threats and ways to protect against them. In October 2016, the National Highway Traffic Safety Administration published a cybersecurity "best practices" guide for automakers. The report included advice for building more secure vehicles.
The likelihood of a hacker taking control of your car while you're driving is slim, but the threat of theft is real. Since 2015, hackers have successfully used laptop computers to hack the ignitions of late model Fiat Chrysler cars. For this reason, it may be wise to continue using the old-school approach of attaching an anti-theft device to the steering wheel.
You should also remain aware of software security patches provided by your automaker. Typically, vendors offer links on their websites to download the software onto personal USB flash drives. You would simply plug the flash drive into the USB port in your car to transfer the fix or update to your vehicle.
Avoid installing software on your automobile that is not manufacturer approved. This includes diagnostics software to monitor your car's performance or different types of entertainment software that require Internet connectivity. Third-party wares could be rife with vulnerabilities that hackers could exploit to steal or control your car.
Along with providing greater convenience and comfort, the integration of the Internet into cars presents owners with new challenges that are as critical as the hacking of personal devices. Just as you develop a routine for keeping the antivirus software up to date on your computer, you must stay abreast of the security updates for your modern vehicles.