We all know that our computers and our phones can be vulnerable to attacks and exploits. Every once in a while, we get a virus or get our Internet accounts hacked, and that reminds us to “be careful”. And, if it not us who gets this reminder, it is a family member or a close friend, and we think, “Whew! That could have been me.” So, I disable bluetooth on my devices when it is not needed. And, I enable the software firewall on my laptop. In case my laptop were to be compromised, I make a complete backup on a regular basis. But, I’ve done nothing to protect my automobile. Have you?
Well researchers have discovered that the new connected vehicles are not necessarily adequately secured. In fact, their IP addresses can be scanned, and the open ports they maintain give a fingerprint of the underlying automobile operating system in use. Some have been found to have exploitable vulnerabilities. Others have vulnerabilities that are waiting to be discovered. Think I’ve been watching the Terminator movies once too often?
Unfortunately, no, it is very real. See this article:
http://www.wired.com/2015/07/hackers-remotely-kill-jeep…
According to the article above, “Miller and Valasek have been sharing their research with Chrysler for nearly nine months, enabling the company to quietly release a patch ahead of the Black Hat conference. On July 16, owners of vehicles with the Uconnect feature were notified of the patch in a post on Chrysler’s website.”
Their research and exploit happens to target Chrysler’s Uconnect technology. But, I fully expect that Ford’s Sync Site, which runs an embedded version of Microsoft Windows, would be equally (if differently) vulnerable. How would you protect yourself from this type of attack?
My first thought was to shutdown bluetooth, just like I do on my other devices. But, reading the article, I realized the hacks were not being conducted via bluetooth, but rather from the comfort of a researcher’s couch, miles away from the target vehicle and over the Internet. So, you could shutdown the cellular signal. Even then, would you really know your vehicle was not “calling home” just because it was not providing a hotspot within the car? In some vehicles, Audi’s for example, you can physically pull out the 3G or 4G cellular SIM card. That would probably be foul proof, assuming you are willing to disable the cool new connection features that auto makers are charging premiums to have installed in their vehicles.
In any case, with knowledge comes power. And, now you know to think about the features and also the vulnerabilities, when you go to purchase your next new car.