Cars today rely heavily on computers, and while the idea of hacking a car may seem like a plotline out of a heist movie, it’s quickly becoming a reality. Modern cars are susceptible to cyber attacks in the same way that our phones and computers are, and that’s because modern cars are essentially computers on wheels. But how can cars be hacked and what can we do to protect ourselves?
Cars today are controlled largely by ECUS–electronic control units–that all have different functions. Each ECU has a specific job, whether it’s to monitor the temperature of the engine or unlock the doors. Here are just some of the computer systems that keep our cars functioning according to GlobalSpec:
Airbag Control Modules: Passive safety device that inflates the airbags when there is a collision.
Body Control Modules: Regulates body electricity including wipers, horns, and lights. It may also help the car’s entertainment system.
Engine Control Modules: Regulates the performance of a car engine. Includes igniting the spark plug, injecting fuel, and cooling the engine.
Electronic Brake Control Modules: Adjusts braking on ABS braking systems and helps prevent the wheels from slipping or locking.
HVAC Control Modules: Allows for automatic cabin circulation for auto AC units.
Infotainment Control Modules: Controls the dashboard computer system including navigation.
Power Steering Modules: Receives information on vehicle speed, steering position and torque and produces steering feedback to the driver.
Powertrain Control Modules: Regulates the powertrain system ensuring the power flows from the engine to the wheels.
Suspension Control Modules: Controls the suspension and adjusts the tension for the wheels to create the smoothest ride under current road conditions.
Transmission Control Modules: Adjusts the displacement and transmission based on the engine’s RPM.
Each ECU varies greatly from unit to unit. They use different communication components, have different numbers of inputs and outputs, and have different amounts of microprocessor memory depending on their function. More complex modules will need more complex communication systems, more inputs and outputs, and a higher amount of memory.
ECUs are essentially the brain of your car. They connect to each other via the CAN bus, where information is sent and received. And because this information can be sent and received, it can also be intercepted.
Car hacking isn’t the most common type of cyber attack but these types of hacks are increasing in frequency. According to Upstream, a cybersecurity and data management platform for cars, the amount of hacks on car systems increased 225% between 2018 and 2021. Upstream analyzed 900 incidents of car cyber security breach and noted:
In 2021 nearly 85% of attacks were done remotely.
Keyless entry and key fob attacks were the number one breach in security accounting for 50% of all vehicle thefts.
Data and privacy breaches accounted for 38% of incidents studied while car theft and break-ins accounted for 27% and control system hacks accounted for 20%.
As cars become more and more connected, these types of attacks are expected to increase in the future. Upstream anticipates losing $505 billion to cyberattacks by the end of 2024. So how exactly are hackers getting into your car?
Hackers use attack vectors to get access to your car’s computer system. Attack vectors are weak points in a system that can be used to access your car’s network. Attack vectors used to be limited to key fobs and physical access to the controller area network. But nowadays there are a lot more attack vectors, mainly because there is a lot more that is controlled by the computer. Here are a few ways they can get into your system:
Physically hacking into the system through the headlights, ABS, OBD port, or other susceptible areas.
Counterfeit parts and components of your car that are embedded with malware.
Through MP3 malware–a music download may be embedded with malware codes that can get into your car’s system.
Through data downloads–an update or app download to your car could be embedded with codes.
Intercepting a key fob signal.
Through an EV charging station.
If a hacker does manage to get access to your car’s computing system, what does this mean for you? Here are some of the threats that hacking poses.
They can remotely follow you through your tire pressure monitoring system.
They can find vulnerabilities in sensitive information access in some vehicles.
They can disable your brakes while you are driving.
They can change your destination on your navigation system.
They can cause your vehicle to accelerate.
They can hack into your phone if it is connected to your car and access your personal information.
They can get access to your car’s key fob and open your car without your knowledge.
They can send malicious messages or data to your phone or computer.
They can control your windshield wipers and air conditioning.
While there are seemingly endless possibilities when it comes to what hackers can do, there are certain threats that are more severe and more realistic. Hacking into your car to get your personal information or to steal your car are the most probable threats, as there is significant motivation to carry out these attacks. There will always be hackers who are motivated merely by malicious intent or simply to prove that they can do it, but the majority of hacking is done to get personal information or personal property.
So what can you do to protect your car from a cyber attack? There are a few steps that you can take to help keep your car–and your information–safe.
Simply cracking a password may allow hackers to get access to your car’s computing system. Taking the time to select a secure password will help minimize this threat.
A Faraday bag will block your car's key fob signal and prevent hackers from getting access remotely.
Counterfeit parts pose a huge risk not only for hacking but for your safety in general. Making sure you are getting certified parts will help ensure your safety.
Mechanics have access to your car’s computing system, so selecting a mechanic you can trust is important.
These ports allow you to plug in a device and pull information from your car’s computing system, so they are a major attack vector when it comes to hacking. Leaving a device connected, such as an insurance carrier’s tracking device, can open you up and leave you more vulnerable.
If someone breaks into your car and finds your password written down they can steal your car and even disable tracking for stolen vehicles.
Downloading music or data can open your car’s entertainment system up to a host of cybersecurity threats.
Car manufacturers are monitoring cyberattacks and looking for weak parts in the car’s computing system. Jeep Grand Cherokee had a recall in 2015 when it was determined that hackers could break into the wifi connected multimedia system and gain control of the car. Car owners were sent a USB update that contained rewritten code to fix where the security breach occurred. Staying on top of these recalls can help you stay safe.
A recent experiment from Sam Curry found that it’s possible to hack a car simply by knowing its VIN. Covering your VIN (located on the bottom of your windshield) with a piece tape or paper will hide it from a lurking hacker in a parking lot.
These systems have more advanced security settings than any other infotainment systems out there.
Hackers can learn a lot about you by accessing your GPS, from where you live to where you work to where your kids go to school. It may be easier to save these places in your navigation system, but you will be much safer if you can avoid doing so.
With new technology comes new risks. While so much of these advancements have made our lives easier and more seamless, they have also opened us up to a whole new world of threats. We may assume that it will never happen to us, but in today’s world the threat is always there. Using our tips above can help protect you from car hacking and keep you and your family safe.
If your car loan has you feeling vulnerable, contact Auto Approve today! We can help get you a new loan with better terms and lower payments. So what are you waiting for?