Top ten ways to avoid getting your car hacked
This product picture provided by Fiat Chrysler Automobiles shows the Uconnect 8.4-inch infotainment system on a 2014 Jeep Cherokee Limited. Harman International, the company that makes car radios that friendly hackers exploited to take control of a Jeep Cherokee on Tuesday, Aug. 4, 2015, said its other infotainment systems don’t have the same security flaw.
These strategies can minimize your vulnerability to computerized theft and subterfuge
Automotive hacking may be in its infancy, but it most assuredly will be a growth industry, especially as more cars take on semi-autonomous – and, soon enough, fully autonomous – driving capability. The modern car has as many as one hundred microcomputers, many of them connected to the outside world by some means of electronic communication. And it isn’t just such high-tech communication systems – Wi-Fi, Bluetooth, etc. – that make our cars so vulnerable to attack. Indeed, it is our very insistence on being permanently connected that makes our cars such a rich “attack surface” environment. What’s ironic is that the best way to thwart these high-tech exploits involves some decidedly old school guardians as well as some that sound just plain cockamamie. Without further ado, then, here are ten strategies to minimize your vulnerability to computerized theft and subterfuge:
1. Don’t use your remote keyless system to lock your doors. “What the…?” I hear you saying. Nonetheless, it turns out the simplest hack in the automotive world is still just breaking into your car to steal all your goodies. And the simplest way to “open sesame” is scanning your push-button locking system. There’s all manner of ways to do it, but the one thing in common is that they all require you to lock your vehicle remotely and then walk away from the vehicle. The simplest solution, therefore, is to forgo the key fob and use the central door lock button to close up shop. No transmission; no hacking. Of course, it doesn’t matter if you use a keyless system to start your car; you’ll be driving away from the threat.
2. This one is going to seem odd – totally over the top, in fact – but you might want to start putting your keyless fob in the refrigerator at night. Or in a box with some tin foil lining. Not as common as the simple “transmission” hack noted above, this exploit – that’s cybertalk for getting up to no good – involves a slightly more complicated “amplifier” that fools your car into thinking the fob is close by, therefore permitting access to your car. More importantly, if your car has push-button start, it also fools the security system into thinking the immobilizer is nearby. Not only can thieves now rifle through all your belongings, they can also steal your car.
Yes, it’s true. Holding a remote key fob against your head can indeed extend its range.
3. Use a good old-fashioned steering wheel lock. People crafty enough to construct some form of electronic hack to get into your car are very likely clever enough to move on to a more vulnerable car if they spot a steering wheel locking system, especially if it’s the tried-and-trusted “The Club Original 1000” or the even more sturdy FJM High Security Steering Wheel Lock. If they can’t drive it away, they’re going to look for easier prey.
4. Buy a Tesla or a General Motors product. No, not because they are electrified or reduce emissions, but because Tesla and GM prize “white hat” hackers showing them their products’ vulnerabilities. Virtually every cyber-security expert we’ve spoken with says rewarding the discovery of software vulnerabilities is the number one defense against malicious hacking. GM launched its “bug bounty” program in January and Tesla solved a hack last year with a simple over-the-air update.
5. Don’t drive a top-of-the-line car (Tesla and Cadillac excepted). I doubt if anyone rich enough to afford a Mercedes-Benz is going to take this advice, but expensive cars have more computers and connectivity features than the cars we peons drive. That just means there are more ways into your car’s nervous system and more things to play with once a “black hat” is in there. One security pro I talked with drives a ’70s Volkswagen specifically because it has no computers, wireless connections or USB ports and wouldn’t even dream of buying a car with a Wi-Fi “hotspot.”
6. If being connected is a big part of your daily drive, buy a car with the latest Apple CarPlay or Android Auto systems. According to Kim Komando, self-proclaimed “digital queen,” both CarPlay and Android Auto have beefier security than automotive entertainment systems, so running the telematics through your iPhone/Galaxy may be safer than automotive cellular systems.
One way millennials are influencing automakers is with their request for more technology, such as smartphone-based infotainment systems like Apple CarPlay.
7. Buy an OBD lock. What’s OBD, you ask? The on-board diagnostic system is your car’s built-in link to the outside world, the portal through which all repairs, mechanical or otherwise, are diagnosed. All cars have a port that permits technicians to access all the relevant computers controlling your car. Therefore, it is also the easiest way to get into your car’s brains. This subterfuge requires access to your car, but once in, the potential for harm is pretty much limitless. So lock it up. Besides, your OBD port is also used to access your car’s Electronic Data Recorder, a chip that records exactly how – as in how fast – you drive. So the OBD lock also promises privacy, something you might find significant if you get in a collision and someone attempts to access your car’s accident data without your permission.
8. For God’s sake, don’t buy into one of those insurance programs that promises to lower your premium based on how safely you drive. They do so by plugging a “dongle” into the OBD port mentioned above – again, one of your car’s greatest vulnerabilities – and then connecting it with the insurer’s home office via a less-than-secure cellular connection. Seriously, you’re almost asking to be hacked. Forbes, for example, claims that Progressive Insurance’s Snapshot dongle had “basically no security technologies whatsoever” and that “a skilled attacker could almost certainly compromise such dongles to gain remote control of a vehicle, or even an entire fleet of vehicles.” I suspect these systems will prove very susceptible to remote hacks – i.e., via a laptop – sometime in the near future.
The Ajusto wireless device from Desjardins Insurance is installed into a vehicle’s diagnostic port and measures distance travelled annually, frequency of hard braking and acceleration, as well as time of day the vehicle is driven to determine savings on insurance rates.
9. The same applies to anyone else attempting to install such OBD dongles in your car. Samsung’s ConnectAuto promises to let business owners monitor their fleet of vehicles via a Wi-Fi-enabled OBD dongle. Other future uses for these devices may be to permit crypto “repo” guys “bricking” a car for missed loan payments or even “teaching” fleets to drive more economically. As beneficial as these additions may seem, they still leave your ECU – electronic control unit – wide open to malfeasance.
10. Last, but most certainly not least, don’t plug random USBs into your dashboard. Data-enabled USB ports – used to update system software – offer direct access to your car’s nervous system. Ironically, part of the fix for Wired magazine’s famed Jeep hack was a USB-installed “patch” sent via the post. Security experts have long cautioned against plugging in USBs received via (easily-compromised) snail mail, so why FCA decided to fix one security glitch with another vulnerability is mystifying. “The decision of Fiat Chrysler to mail out USB sticks to customers directly to patch the latest vulnerability is the security equivalent of waving a red rag to a bull,” Carl Leonard, principal security analyst at Raytheon Websense, told networkworld.com. “Hackers, very adept at taking advantage of indecision and social engineering tactics in times of crisis, could potentially utilize this USB fix opportunity for nefarious gain.”