The era of connected cars and autonomous vehicles is definitely here. Carmakers are investing heavily in their own autonomous vehicles. The technologies are already on the market too, with Tesla leading the way and other car companies introducing their own versions soon after. Cars are getting smarter, but the smart features of modern cars introduce a new set of risks.
With cyber-attacks growing in numbers, it is only a matter of time before cars become the next targets for hacking. Some cases of vulnerabilities in cars being exploited for malicious intents are already recorded. So, is car hacking a fact or a Hollywood fiction? Let’s find out, shall we?
Security Taking the Center Stage
The issue of car security, especially with the introduction of smart car features, is somewhat similar to what we had with the Internet of Things or IoT. Everyone was racing towards new innovations and better, smarter car features that no one actually paid attention to security as a prominent aspect in the development process.
Fortunately, early vulnerabilities were discovered quickly. Those vulnerabilities brought the attention back to car security. With more features already in the pipeline for future cars, security has become an important aspect to focus on.
Bluetooth Security in Cars
One of the biggest security risks faced by modern cars is associated with the Bluetooth system found in them. Bluetooth has been around for ages, but it is still not the most secure way of connecting devices and allowing them to communicate. For starters, Bluetooth is not natively encrypted, and it is connectivity designed for open use.
One of the early vulnerabilities we talked about earlier is actually one that relates to the use of Bluetooth in cars. Attackers can connect to the car’s Bluetooth system, and then find ways to exploit that connection to control other parts of the car. Considering how connected modern cars – and their components – are, this is a serious risk to mitigate.
The use of Bluetooth is a bit of a balancing act. It is flexible connectivity that can be used for a wide range of purposes, but developers who want to use this connectivity option must work harder to secure their applications and services. This includes car companies who want to integrate smart features over Bluetooth.
Do you know that you can update your car’s firmware over the air? Firmware isn’t just meant for smart, electric cars like Tesla. Many modern cars actually use firmware in some form, albeit on different levels. The ECU, for instance, contains data that governs the way the car’s engine operates under different situations. The ECU itself can be updated for higher performance or better efficiency.
The platform for updating a car’s firmware is also designed to be open and flexible. Many cars now use a control system that can be updated remotely. Both BMW and Mercedes-Benz uses this type of Over-the-Air (OTA) update for their management systems. Other carmakers are following suit with their own systems and added flexibilities.
Keeping the car up to date requires no visit to the dealership. Naturally, this too is an endpoint that exposes the car to more risks. Additional steps are taken to sign the firmware update and make sure no malicious code can be injected into the car’s management system. As for engine control, OBD-II remains the popular platform used by manufacturers.
Data Privacy Becoming a Concern
A car stores a lot of data about its driver, even when the driver doesn’t notice it. if you don’t believe me, try opening the History tab on your GPS device. You’ll be surprised by how much data the navigation system stores about your past trips. With data being stored, there is a serious privacy concern to mitigate.
Data is the primary target of cyber attacks, and that means data stored in cars must also be protected following the latest information security standards. Once again, this is a case of launching a new feature before adding sufficient security measures. Only a handful of cars use encryption to protect driver information, past routes, performance data, and other key metrics.
Don’t think the data stored in cars are not valuable enough either. Hacking cars goes beyond taking control of the vehicle. It is also difficult to neglect the fact that modern cars have cameras, audio systems, and voice commands, all of which are capturing sensitive information that needs extra layers of protection.
What’s interesting is how modern cars are still prone to hardware hacking. While there are risks of information theft and malicious attacks due to the use of systems like Bluetooth and OBD, the biggest risk is still the car itself. For example, the easiest way to gain control of a car is to break into it.
Protecting your car from physical hacking comes down to maintaining it properly. Rather than using a cheap battery that produces inconsistent voltage and current, for example, which might affect the performance of your car’s alarm system, you can protect the car better by using a high-quality maintenance-free battery. The MF battery comes with added benefits too, and you can view page on MF battery by RB Battery to learn more.
Physical access to the car’s entertainment and management system also allows attackers to compromise the rest of the vehicle. Cars now have built-in USB ports and other connectivity options, and not all of them are sufficiently compartmentalized. A USB port in the wrong hands could lead to the ECU being completely compromised.
Yes, car manufacturers are taking steps to mitigate these security risks. Similar to IoT companies, however, these steps should have been taken years ago. The only comfort comes from knowing that most vulnerabilities are not made public and that only a handful of attackers can fully exploit them to compromise modern cars.
That’s not to say that there will not be worse security risks in the future. We can only hope that top car manufacturers begin to invest as heavily on the security of their cars going forward. A few like Tesla and Mercedes are leading the pack with their security initiatives and better safety measures.