Click here to learn more about author Cathy Nolan.
Of course it can. Anything that uses a computer to operate it or any of its systems can be hacked, but the potential for harm has been largely swept under the rug by car manufacturers. The fact that criminals can either remotely or directly take control of your car from their laptop was demonstrated in 2013 by security engineers from Twitter and IOActive, a Seattle consultancy company, and again in 2014 at the Black Hat Security Conference in Spain. However, it took until March, 2016, for the FBI and National Highway Transportation Safety Agency to issue a warning to the general public and to the manufacturers of vehicles, vehicle components, and aftermarket devices, to maintain awareness of potential issues and cyber-security threats related to connected vehicle technologies.
The rise of “smart” cars has made it easier for hackers to infiltrate automobile computer systems and use “attack” software to kill power steering, slam on brakes, blast horns, disrupt GPS and odometers, and to gather personal data.
The director of the Europe’s Cybercrime Centre, a body within the European Union’s law enforcement agency Europol, told CNBC that the potential for in-car technology to be hacked and used for organized crime, revenge, profit, and competitive advantage was great. “We are very concerned about the direction of car hacking,” the director told CNBC. “Everyone in the car industry wants to make cars more helpful—for them to help with steering, parking, breaking, and even driving—but if you do this, the downside is that someone will try to use this to their advantage and for criminals, this would generally be for profit or revenge.” Scary stuff, and although the car companies are assuring the public that they are aware of the threats and are working to make their cars’ computer systems “hacker-proof”, there is no guarantee
The FBI warning to drivers about the threat of over-the-internet attacks on cars and trucks doesn’t elaborate what the agency has learned about new incidents of car hacking but it does offer a list of tips about how to keep vehicles safe and gives recommendations about what to do if you believe your car has been hacked—including a request to notify the FBI at https://www.fbi.gov/contact-us/field.
Here are some tips from the FBI:
- Ensure your vehicle software is up to date
If a manufacturer issues a notification that a software update is available, it is important that the consumer take appropriate steps to verify the authenticity of the notification and take action to ensure that the vehicle system is up to date.
- Be careful when making any modifications to vehicle software
Making unauthorized modifications to vehicle software may not only impact the normal operation of your vehicle, but it may introduce new vulnerabilities that could be exploited by an attacker.
- Maintain awareness and exercise discretion when connecting third-party devices to your vehicle
While in the past accessing automotive systems through an OBD-II port would typically require an attacker to be physically present in the vehicle, it may be possible for an attacker to indirectly connect to the vehicle by exploiting vulnerabilities in these aftermarket devices.
- Be aware of who has physical access to your vehicle
In much the same way as you would not leave your personal computer or smartphone unlocked, in an unsecure location, or with someone you don’t trust, it is important that you maintain awareness of those who may have access to your vehicle.
While manufacturers are also attempting to limit the interaction between vehicle systems, wireless communications, and diagnostic ports, it is predicted that soon cars will be talking to each other and creating networks. Car hackers’ targets can vary depending on their goals, but networks make hacking even more attractive because hacking into a network can affect dozens, hundreds, or thousands of vehicles at once.
Just one more security threat to think about as you are driving to work today.