Imagine a scenario where a malevolent individual could hack into your car’s computer system, gaining unauthorized access, unlocking doors, and even driving away with it. This has become a growing concern in recent years as modern cars become increasingly equipped with advanced technology. While these tech features are meant to enhance safety and entertainment, they have also unwittingly opened doors for cybercriminals. Hackers now are taking advantage of vulnerabilities in vehicles from various manufacturers, including well-known brands like Kia and Hyundai.
So how do the manufactures tackle this problem?
A recent report from Bloomberg sheds light on a remarkable global community of cybersecurity experts who have dedicated their careers to uncovering weaknesses in new cars. Their mission is clear: to identify vulnerabilities before criminals can exploit them. These experts work tirelessly, utilizing innovative methods to probe vehicle security. This includes acquiring automotive components from online marketplaces like eBay for experimental purposes.
Once these salvaged vehicle parts find their way into the experts’ well-equipped laboratories, they embark on a mission to expose potential entry points into a car’s intricate systems. When they identify flaws that could leave vehicles vulnerable to cyberattacks, they often collaborate directly with automakers to develop effective patches and countermeasures.
One notable figure in this effort is Tiffany Rad, an independent consultant with over a decade of experience in the field. She is currently working with U.S. officials to establish comprehensive cybersecurity and privacy standards tailored specifically for the transportation industry. She works on integrating rigorous security requirements into the foundation of automobile design. Reflecting on the evolution of the automotive cybersecurity landscape since her early days of exploring car hacking, Rad notes, “When I first ventured into car hacking, automakers had relatively few cybersecurity concerns. The present reality is vastly different.”
A next-generation theft?
The vulnerabilities uncovered by these dedicated researchers are both astonishing and concerning. For example, they have discovered methods to rewire a Toyota Rav4’s headlights to gain access to the car’s controls. In another instance, they developed a means to wirelessly access a car’s control system using a modified Bluetooth speaker. With this makeshift device, a simple press of the play button could unlock the car doors, allowing attackers to start the vehicle and make a swift getaway.
One critical factor contributing to these vulnerabilities is the longevity of cars. Unlike smartphones or computers, which are often replaced relatively quickly, people tend to hold onto their cars for longer periods. As a result, the digital security systems within these aging vehicles become outdated and more susceptible to attacks. “Technically savvy criminals” are capitalizing on these security weaknesses, designing user-friendly devices intended to exploit older cars.
Fortunately, efforts are underway to address these vulnerabilities and prevent widespread exploitation. Some of the very hackers who uncover these flaws are now being recruited by automakers worldwide to bolster their cybersecurity measures. Bloomberg highlights the case of two hackers who successfully remotely controlled a Jeep on a St. Louis highway in 2015. Following the publication of their findings, they quickly found employment within the automotive industry.
Moreover, the European Union has enacted a new law mandating a cybersecurity review for every new car before it can be sold. Automakers must now have a comprehensive plan in place to rectify any vulnerabilities discovered during this review process. This underscores the growing importance of automotive cybersecurity in an increasingly interconnected world.