Keeping your car secure means hiding valuables, closing windows, locking doors, and turning on your alarm if you have one. But now, there’s a security threat many car owners aren’t thinking of: hackers. Everything can be hacked. Everything — including your car.
Can your car be hacked? The short answer is yes. With the advanced features in vehicles today, cars are essentially giant moving computers, vulnerable to bugs, viruses, and hackers just like any other computer or mobile device. Self driving cars and vehicles with advanced safety features like adaptive cruise control, lane assist, and automatic braking are particularly at risk, but practically any vehicle made in the past several years can be seriously disabled at the hands of a hacker.
Read on to find out how your car can seemingly develop a mind of its own, whether you can expect to experience a hack, and what you can do to prevent becoming a car hacking victim.
How Hackers Can Attack Cars
Can a hacker stop your car or shut off your engine while you’re driving 70 miles per hour on the freeway? Theoretically, yes. They can do that — and much more. These are just some of the ways hackers can access your vehicle’s vulnerable systems and make driving difficult, dangerous, or uncomfortable for you:
- Tire pressure monitoring systems: Tire pressure monitoring systems tell drivers when their vehicle’s tires are too low or too high on pressure, offering helpful early warnings to get service. But when attacked, hackers can trigger warning lights and even remotely track vehicles through the monitoring system.
- Disabling brakes: You may control your brake pedal, but microprocessors in your onboard computer really make your brakes work. Hackers who get into your onboard computer can disable your brakes and even stop the engine.
- Manipulating vehicle diagnostics: Repair shops and dealerships today largely rely on onboard vehicle diagnostics systems to perform initial diagnosis of problems. But unscrupulous shops can manipulate your diagnostics system to make it appear that you need them to perform repairs that are not really needed.
- Changing the time, song on the radio, or GPS destination: With access to your vehicle’s systems, it’s simple for hackers to make small, but important changes to your vehicle. Something as unnerving as switching your radio station could happen. They can even get into your GPS system and change the destination you’re heading to.
- MP3 malware: The music you listen to on your car stereo could hack your vehicle — really. Downloads with malware codes can get into your car’s infotainment system and make its way into other systems, including those that control your engine or brakes.
- Forced acceleration: Power locks today often have features such as automatic locking when the car is put into drive or reaches a certain speed. They can also unlock if the airbags have been deployed. Cars with interconnected systems like this are vulnerable to problems such as hackers using power locks to force a car to accelerate.
- Extended key fob range: Wireless key fobs today unlock car doors when the person holding them is close by. However, using radio repeaters, thieves can extend the range of the key fob, unlocking your car doors when you’re up to 30 feet away.
- Driving data downloads: Many vehicles, particularly those using GPS or telematics systems, record driving data. If hacked, this information could be used to exploit your privacy and even discover where you live, work, or take your kids to school.
- Smart phone access: Hackers may be less interested in your vehicle’s systems and more interested in your vehicle’s connected mobile phone — which can give them access to credit card information, passwords, and financial data. If they’re able to get into your vehicle’s system and find your connected mobile phone, your information may be at risk.
- Turning on heat in the summer or air conditioning in the winter: In extremely hot or cold climates, vehicle air conditioning systems are less about comfort and more about safety. But they are just as vulnerable to hacks as any other system. Hackers can blast hot air in the summer and even turn on seat warmers.
- Windshield wiper control: Windshield cleaning fluid is useful, but not when it’s released unexpectedly or continuously. Then, it can be a danger to your visibility. This system, along with your windshield wipers, can be hacked.
Will Your Car Be Hacked?
Knowing that practically every vehicle is at risk for hacking today is unnerving, but what are the odds you’ll be affected by car hacking? At this point, it’s unlikely you will have a problem with hacking, though it’s better to be safe than sorry. Most hackers don’t really want to bother with cars because unlike computers or mobile phones, there is no financial incentive (like identity theft) in hacking vehicles. Those who hack cars typically do it for entertainment or malice.
Very few real world hackers have set their sights on vehicles. Rather, most of the hacks completed on vehicles are either in theory or completed by teams of researchers working to identify (and close up) vulnerabilities. Most hacks require significant expertise, equipment, and even physical access to the vehicle, making it difficult for everyday hackers to pull off most car hacks. Vehicle manufacturers are well aware of the risks of car hacking, and they continue to develop countermeasures to protect vehicles from virtual trouble.
However, as vehicles become increasingly connected, independent, and even begin to drive themselves, we may see more hackers turning to cars as an area of interest. This is especially true as wireless systems make your car more vulnerable to attacks.
How to Protect Your Car from Hackers
Hackers aren’t really interested in your car — yet. But before long, they may be. As hackers realize they can hold car owners hostage, steal data, and perform malicious acts and theft with car hacking, they may become increasingly interested and skilled at hacking vehicles. While most of the protective measures for cars need to be made at the manufacturer level, there are some things everyday drivers can do to protect vehicles from hacking:
- Don’t program your home address into GPS: It may be convenient, but car thieves and hackers can use your GPS to find your home address. And if they have access to your garage door opener, they can get into more than your car: they can get into your home as well.
- Limit wireless or remote systems: Systems that disable or monitor your vehicle remotely place you at the most risk. While many other systems are hard wired into your vehicle’s computer, wireless or remote systems are often controlled online and are more vulnerable and attractive to hackers.
- Don’t leave your password in your vehicle: Hacking can happen physically inside your vehicle as well. A car thief who finds your OnStar password, for example, can take over your account. That means the feature that allows you to remotely shut off your engine when you report the vehicle stolen will be useless.
- Use reputable shops: Anyone with physical access to your vehicle and hacking know how can cause problems for your vehicle. So when you’re leaving your car at a shop, whether for minutes, hours, or days, you’re taking a chance that someone can easily hack it — and even make it appear that you need repairs that really aren’t necessary. They may also be able to get access to information such as your driving data history. Only use shops and dealerships that you know you can trust not to take advantage of your car’s computer systems.
- Don’t download untrusted apps or use your car’s Web browser: Your car’s infotainment system is unprotected and ripe for the picking. Untrusted apps in your infotainment system can introduce malware. You should never use the Web browser on your vehicle, either. Simply use your mobile phone instead while safely parked.
- Stay on top of vehicle recalls: There has already been one cybersecurity related vehicle recall for the Jeep Grand Cherokee UConnect entertainment system. The vulnerability left access open to the car’s acceleration, radio, brakes, windshield wipers, and more. Affected customers received a USB device to upgrade their vehicle’s software with new security features. All vehicle owners should keep an eye out for similar recalls.
- Buy a vehicle with Android Auto or Apple CarPlay: Using your smartphone to manage your car’s entertainment system can be more responsible than a freestanding infotainment system. If you’re taking mobile security steps, this will make your system more secure.
- Buy an old car and wait for auto manufacturers to catch up: This may not be a real option for many drivers, but luddites can simply buy a vehicle that predates many of the connected features that make vehicles vulnerable today while manufacturers get up to speed and learn how to better protect vehicles and their drivers from hacking vulnerabilities.