Cars nowadays pack a punch with a variety of interesting features. The automotive industry has seen a massive transformation in the last ten years. So much so, that you can perform all the activities such as playing movies, music, take calls, and get directions for the GPS.
The modern vehicles of today come with an expansive range of on-board computers, which process everything from the automobile controls to the infotainment system.
These are called ECUs – Electronic control units and communicate and transmit information with each other using multiple networks and communication procedures. Let’s take a look at them:
- The Controller Area Network (CAN) is for vehicle component communication like the connection between engine and brake control.
- The Local Interconnect Network (LIN) is for carrying out communication between interior lights and door locks.
- The Media Oriented Systems Transport (MOST) is for infotainment systems like telematics connections and modern touchscreen.
- FlexRay is for high-speed vehicle component communication like active suspension and synchronization of active cruise control data.
Moreover, some additional consumer communication systems are embedded into automobile architectures and include 4G Internet hotspots, vehicle Wi-Fi, and Bluetooth for wireless device connections.
But humans are benefitting from these many features at the cost of their privacy. With a wide range of features, cybercriminals and hackers have found a plethora of access points. The integration of these different forms of communication connections and software systems leave the automobiles susceptible to attacks. Security experts and researchers have taken up the task to effectively demonstrate the bunch of potential attack vectors as well as some exploits from the real-world. That has led the manufacturers from the auto industry issuing vehicle recalls, and software updates to the mobile applications.
Automotive hacking is the exploitation of the weaknesses within the communication system of automobiles, software, and hardware.
Findings of the Study
According to a recently released study, Under the Hood: Cybercriminals Exploit Automotive Industry’s Software Features, hackers are somehow managing to get into cars, manipulate the automotive software, and create havoc for the driver. The study makes note of how hackers have been penetrating automotive systems and hardware since 2010.
John Dree, for example, has used computer systems and Digital Rights Management to keep car repairs at bay from the vehicle owners, third parties, and the use of aftermarket parts. Such restrictions have led to efforts for sidestepping these systems. They have also encouraged an interest measure like Motor Vehicle Owners’ Right to Repair Act.
The report says, “The pressure to deliver products as fast as possible puts a big strain on vehicle security capabilities, manufacturing facilities, and automotive data. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought,”
“IntSights discovered easy-to-find online shops that sell car hacking tools on the clear web. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.”
The report reported how you can easily find car hacking tools on websites and online forums such as Omerta.cc, Sindikat, Nulled.to, Carmasters.org, Autoteamsforums.ru, ffffff.ru, and Dublikat. These sources offer a lot of information regarding car hacking, including code grabbers, tools, and tutorials.
Up until a few years ago, cars were thought to be complicated to hack into and just not worth the time and energy. Given the addition of other features like Wi-Fi and GPS, the number of surface attacks has spiked. Even an average car of today has thousands of pieces of hardware in it along with millions of lines of code that give the cybercriminals sufficient opportunity to try out their methods.
One of the most popular methods involves getting into a car’s CAN protocol, which gives the hacker complete access to all the functions of the vehicle.
The report says, “The biggest challenge for hackers attempting to exploit remote access points is the required proximity to do so. Attacking a moving car can be near impossible if the hacker needs to physically connect to it,”
“However, there are ways to bypass this problem: Attacking a car via a cellular network, breaking into its Wi-Fi access points, or breaking in via the manufacturer’s backend system, to which many modern cars are connected.”
The Risk of Code Grabbers
The Remote Keyless System of cars can be attacked as well. The feature allows the owners to unlock their cars and start them without using a key. The technology is ancient and was once believed to be too tough to crack. But code grabbers have led car thieves to intercept or mimic the signals.
The dark web is full of these kinds of code grabbers, and there are tons of portals and forums on the internet where cybercriminals share their best practices. There are some tools, like RollJam, which can work on any car, and you can buy it for as little as $32. Some of the other popular tools for hacking cars are Panda DXL, Grabos Panda, and Code Grabber, which come at a price range of $2,000.
The biggest dilemma of modern cars is the new variety of apps that make your car efficient with multiple functionalities like a smartphone. The study also talks about the security firm Argos. The company carried out tests and proved that a person could take applications and perform reverse engineering on them to shut down a car engine. You can do all of this remotely. Cybercriminals have become smart enough to create fake apps as well that lets them take control of the different systems of the vehicle.
The challenge of Cellular connection
The threats and risks don’t end here. Hackers of today have become capable to such an extent that they can gain access to your car through car companies that are capable of communicating with the vehicles via particular apps. Say there is a breach of the car company’s servers. A cybercriminal can easily mess with the shared information between the vehicle’s brain and the company server.
Moreover, hackers can even download malware onto the car owner’s phone using fake apps or phishing techniques. As a result, the vehicles get infected. Recently, cybercriminals were successful in manipulating cellular networks via built-in SIM cards used by car companies for getting real-time data.
Scientists from the Virginia Polytechnic Institute and State University scientists can hack into the navigation system of a car and can direct the cars wrong location. Even it was demonstrated during a DefCon presentation in 2015, how you can stop engines, initiate the brakes, and manipulate other functions of the cars as well via a simple cellular connection.
The problem of car hacking is only going to get worse due to the constant need for app and system updates that cannot take place as most cars come with lasting life. Most of the cars of today are going to suffer in the long run due to the security loopholes that cybercriminals are just waiting to exploit.
The study points out that in the digital times we are living in, it has become crucial to take essential measures to dodge such attacks. As cars normally get hacked via remote access, security teams are unable to timely identify the attack and know that their system has been attacked. This places the new drivers in a vulnerable position.
The main reason behind these attacks is the ability to use the wireless spectrum as an entry point into the car network that leverages the wireless spectrum, be it Keyfobs, infotainment systems, car diagnostics systems, or wireless tire pressure sensors.
With growing advancements in technology, we can expect to see more software attacks against infotainment systems, charging stations, and mobile apps.