Explore Newsletters from ECT News Network » View Samples | Subscribe
Welcome Guest | Sign In
E-Commerce Times TechNewsWorld CRM Buyer LinuxInsider

Car Computers Are Vehicles for Hacking, Warns FBI

By Richard Adhikari TechNewsWorld ECT News Network
Mar 22, 2016 5:00 AM PT

The FBI, the U.S. Department of Transportation and the National Highway Traffic Safety Administration last week issued a warning about the threat of automobile hacking.

Computers that control functions such as steering, braking, acceleration, lights and windshield wipers, as well as wireless technologies used in keyless entry, ignition control, tire pressure monitoring, and diagnostic and navigation systems, provide portals for cyberattack, the agencies said.

Third-party devices connected to vehicles through diagnostics ports, and mobile devices connected to vehicles also could open the door for hackers, they warned.

Safety Tips for Car Owners

Consumers should verify with vehicle manufacturers any recall notices or software updates they receive; avoid downloading software from third-party websites or file-sharing platforms; use a trusted USB or SD card storage device when downloading and installing software to their vehicles; and ensure their vehicle software is up to date, the agencies said.

They should be careful when modifying vehicle software or connecting third-party devices to their vehicles.

Vehicle owners should check the vehicle's VIN for recalls at least twice per year, according to the agencies.

Consumers can look for other for their vehicles online.

Car owners who suspect a hack can file a complaint with the NHTSA. They can also reach out to an FBI field office or file a complaint with the Internet Crime Complaint Center.

Is the Problem Real?

Anything electronic that talks wirelessly can be hacked, but "you have to have fairly specific access to the vehicle," said Mike Jude, a research manager at Frost & Sullivan.

"Every car manufacturer has a different protocol for doing things like remote start and remote unlock, so you'd have to target a specific car manufacturer, have specific information on their proprietary protocols for access, and then all you'd get is access to the car," he told TechNewsWorld.

The agencies are taking preemptive action because "they expect a lot more network-connected cars and expect them to use open standards for communicating with the cars' internals minus encryption," Jude said.

However, the notice "isn't preemptive. It's actually very late, and we're just lucky there haven't been any catastrophic incidents yet," argued Rob Enderle, principal analyst at the Enderle Group.

"We've had examples going back years that showcased it was possible to disable cars through the wireless sensors on their tires. As we increasingly move to systems that control all of the car's operation, the potential for deadly consequences has gone through the roof," he told TechNewsWorld.

"Think of ransomware," Enderle said. "If you get disabled in the middle of nowhere, how much would you pay to have your car run again?" The real concern, however, is "the massive loss of life a terrorist attack on cars could create."

Encryption backdoors like the one the FBI is seeking to force Apple to develop "enables hacking like this, and phones could easily become a bridge through a car's system to enable a hack," he said. "This strongly supports Apple's argument that the risks of what the FBI is requesting far exceed the benefits."

Accelerated Response Needed

"There's good reason for customer skepticism with connected cars due to multiple potential problem areas, including security, as well as legal issues," said Keith Bromley, senior solutions manager at Ixia.

"When multiple vendors -- wireless carriers, automobile makers, satellite radio services, entertainment companies, government agencies and even local business -- access consumer data, the question becomes, who's responsible for the security of any personally identifiable information contained within the databases?" he told TechNewsWorld.

The automobile industry has created a working group to deal with security issues, Enderle observed, "but they continue to move slowly, and the entire industry needs to massively change cadence, which is currently a three- to five-year cycle, to one more consistent with the far faster response times in the tech industry."

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Given the spread of the Covid-19 Delta variant, if my employer requires me to return to the company's location in 2021, I will...
Agree because I'm fully vaccinated.
Agree if the company institutes a mandatory mask requirement and other safety protocols.
Comply reluctantly, because I can't afford to lose my job, but start looking for different employment.
Resign immediately so I can dedicate all of my time to find a job I feel is safer.
Resign because I'm not vaccinated and don't want to risk infection to myself or others.