HOME > BLOGS > CYBER CRIME

Cars Vulnerable to Hacking - The Facts and Fallacies of Car Hacking


Cars Vulnerable to Hacking - The Facts and Fallacies of Car Hacking


Share now!
Car Is Vulnerable to Hacking – The Potential Gateways to Hackers

In the era of rampant and ever-evolving cybercrimes, car hacking is no longer a remotely-pursued concept. While much news and hearsay have floated regarding car hacking, wondering if your car is vulnerable to hacking? So, is car hacking possible? And if yes, what are the cars vulnerable to hacking? Here are the facts and fallacies of car hacking.

The Depiction of Car Hacking in Movies

Is car hacking possible? In movies, yes.

If you have seen the movie ‘Fast & the Furious 8’, then you know that a hacked car is not the best thing in the world! Charlize Theron, who plays an able hacker, creates a program for car hacking. This is then used to rescue the protagonist, Vin Diesel, in one of the scenes.

She uses the program to hack into every car in New York City and control them from her computer with the click of a button!

Is your mind racing through the question if your car is vulnerable to hacking?

The reality check.

Car hacking is not a cakewalk. It may be possible in the future. But, it is impossible at present!

Which Are the Cars Vulnerable to Hacking?

Your car is vulnerable to hacking. But, maybe way into the future. Cars vulnerable to hacking are those having automatic transmissions, and state-of-the-art navigation systems and sensors.

The manufacturing of most cars that currently roam our cities was at least a decade back. They, therefore, do not possess such features that make it vulnerable to car hacking. In the modern cars though, features based on Artificial Intelligence and IoT, make them vulnerable to a hacking.

Some modern cars such as the BMW 7 series has a feature to remotely control the car and maneuver it in any desired direction. In fact, one need not be INSIDE the car to control it! Well, this is one example of cars vulnerable to hacking where hackers can control the entire car remotely by using a proper code.

The Evolution of the Internet of Things (IoT)

The Internet of Things (IoT) has been a game-changer in the application of modern technology. The application of IoT is gaining a lot of recognition. In another couple of years, IoT is set to be a 17 trillion dollar market!

In the near future, almost all cars are going to be electric. Tesla is a good example of the cars that we will see in the future.

It’s expected that the perils of car hacking shall grow worse by 2020 with more autonomous vehicles hitting the roads. Mercedes Benz is already manufacturing self-driving cars. These driverless cars communicate with each other through an IoT-based system called “Cellular-Vehicle-to-Everything”.

With IoT witnessing more and more applications in cars, car hacking may be a common occurrence in about 5 years or so. The result? More cars vulnerable to hacking.

How a Car Is Vulnerable to Hacking – The Potential Gateways to Hackers

As already explained above, there is still some years before one can really hack a car. However, it’s good to be cognizant of the loopholes that make a car vulnerable to hacking.

Gateways-to-Hackers Car hacking

1. Car’s Entertainment System

Featuring on top of the list is a car’s entertainment system.

What is the central and common medium that you use for answering calls, playing music, looking up directions or connecting to other applications? What do you use for connecting to Bluetooth, WiFi, and cellular networks?

The car’s entertainment system.

Therefore, it is one the most vulnerable parts of a car since it’s highly connected to the world outside.

BlackBerry-owned QNX (popular for navigation technologies and in-car entertainment) is already targeted as one of the “possible mission areas” in a WikiLeaks document. Interestingly, more than 50 million vehicles, ranging from Audi to Ford, use QNX.

According to Cyber Security experts, once hacked, hackers can track a car’s movements, monitor any data that passes through its system, and even eavesdrop on conversations!

2. Onboard Diagnostics Post

Did you know that your car too has a nervous system? It’s your car’s onboard diagnostics, or what is also called as the OBD-II port. The port connects to the controller area network bus (CAN bus) of a car. If the systems attached to the CAN bus are not protected against cyber intrusion, one can easily take control of anything attached to it.

Eyeing that really advanced car for your next big purchase? Remember that the more modern your car is, the more are the chances your car’s systems connectivity to the CAN bus. This is because advanced cars have a number of electronic control units (ECUs).

Once compromised, a hacker can take control of the infotainment, driver assistance systems, steering, engine, braking, and even your car’s door locks!

However, car hacking through the OBD-II port is not easy since its location is under the dashboard on the driver’s side. A hacker needs to access it from there and use the specific software as per the model and make of your car. So, there’s no point in taking control of the car that they are already in unless they wish to steal it.

3. Smart Keys

Yes, we all love using a remote keyless system to unlock our cars. It’s cool! But, on the flip side, smart keys can be the potential gateways for hackers or thieves!

A hacker can fool your car with a duplicate signal by capturing your key’s actual fob signal. They can use technology to break into the remote key’s code or capture the signal transmitted to the car. It is difficult but POSSIBLE.

In fact, some thieves use devices that expand the range of a car’s proximity sensors. Thus, the car starts sensing that you’re nearby when you and the keys are actually far from it. Unscrupulous agents can misuse this to spoof the sensors to unlock the doors and enable the start button.

4. Dedicated Data Connections

Wish to have a 4G LTE data connection inside your car to turn it into a mobile hotspot? Excellent! But is your connection secure? Not sure? Beware! This could provide hackers with access to your car’s electronics and makes your car vulnerable to hacking.

Secure your connection by keeping it password protected. Please refrain from using the car’s default passcode as the password. Avoid transmitting confidential or business-critical data using systems connected to your car’s CAN bus.

Following are some other parts/features of a car that a hacker can exploit:

  • Transmission Control Unit
  • Body Controller: Lights, Locks etc.
  • Anti-lock Braking System
  • Keyless Entry
  • Telematics
  • Tire-Pressure Monitoring System
  • Airbag Control Unit
  • Heating, Ventilation, and Air Conditioning System

How Automakers Are Responding to Curb Car Hacking?

Coming back to the question: Is car hacking possible?

As you may have understood by now, it is. It may still be a distant dream for hackers but automakers are prompt in implementing preventive measures in cars.

Modern vehicles consist of nearly 100 computing units and countless codes. Therefore, they have the feature to download security patches wirelessly. This is similar to the way smartphones and computers get software updates at regular intervals.

Additionally, the recently introduced “over-the-air updates” allow automakers to discover newer security vulnerabilities in a faster and more efficient way. They can thus respond to threats better and even remotely repair defective vehicle software.

Fighting Cybercrimes with Incognito Forensic Foundation (IFF Lab)

Ensuring cyber security of all devices that are ‘connected’ is getting more and more challenging by the day. So much so, that entire nations can be brought down to their knees by launching a strategic cyberwarfare. Incognito Forensic Foundation (IFF Lab) is a private cyber and digital forensics laboratory in India that offers cyber security services. Its cybercrime investigation and digital forensics services extend to Law Enforcement Agencies, the Government, private enterprises and even individuals.

Victim of hacking? Contact IFF Lab for assistance.