Modern Vehicle Hacking
By | Nur Syakirah Binti Shahabuddin
Introduction
As many are aware, modern vehicles nowadays are essential to a moving information hub. Modern cars are equipped with advanced features such as global positioning system (GPS) devices, key fob entry, sensors and in-car communication such as the Bluetooth connection. These modern technologies, apart from making life easier, also make the car more vulnerable to software bugs, being a target for hackers and exposing information to thieves and hackers [2].
Due to the lack of security standards, criminals have familiarized themselves with how to connect to a private network that is connected to household appliances and intelligent devices such as modern vehicles. Modern vehicles are progressively becoming the backdoor choice for data thieves due to the increasing amount of data collected and stored.
Attackers now have the option of focusing on either the vehicles by utilizing them to steal access to an e-mail account and private personal information or even access to a cloud administrator.
How does it happen?
a. Information Tracking and Data Theft
Setting home addresses into GPS and using a telematics system will record driving data. However, once physical devices are connected to the Internet, they can be a target of a cyberattack. Hackers can target an attack surface to access the vehicle’s Controller Area Network (CAN) [5].
With access to a connected car system, hackers could send commands from a remote location to track individual vehicles, discover live sites, and access credit card information, passwords, and financial data. This would also lead to exploiting private and personal information including contact details, call history and short message service (SMS).
Cybercriminals can use this valuable data for various purposes such as marketing, insurance contracts, spying, and even tracking an individual’s location.
b. Vehicle-to-Vehicle Communication
Vehicle-to-vehicle (V2V) communication technology allows vehicles to wirelessly communicate on the road to exchange information regarding direction, location and speed. This technology will enable vehicles to broadcast and receive Omni-directional messages and it helps them to be aware of the other cars in proximity [4]. Modern cars fitted with safety applications as such can use the data regarding surrounding vehicles to identify potential crash dangers before they happen.
This technology utilizes visuals, material and sound for the alert. A combination of these alerts can caution drivers so that they can act beforehand to avoid car crashes. In this case, attackers can modify information within the wireless communication technology and reduce the car speed using destructive malware. The V2V system becomes a vector where a malicious actor could create malware to contaminate numerous connected cars.
c. Key Fob Hacking and Car Theft
Fob hacking is essentially a method to empower an attacker to enter the car without softening up. In this case, the attacker blocks the signal from the remote key, locks the vehicle and responds to the signal to compromise the car [1]. Based on McAfee Research, one variant of the attack uses a jammer to block the signal. The jammer meddles with electromagnetic waves to communicate with the vehicle, blocking the signal and preventing the car from locking, thus leaving access free to the attacker.
Ways to Improve Vehicle Cybersecurity to Prevent Hacking
Vehicle threats in this context refer to anything with the potential to cause vehicle hijack by attackers and they will try to attack the car in many ways. The car drivers should be alert to detecting suspicious activity at every vulnerable point before it turns into a breach. Some of the ways to improve vehicle cybersecurity to prevent vehicle hacking are as below;
1. Auto anomaly detection is an excellent example of threat detection for vehicle manufacturers which provides both password breach detection and brute force. It helps alert any malicious activity within the system that could go undetected [3].
2. Improve the encryption on critical fob radio frequencies, securing the credential login to the mobile application and necessary server access. Features like biometrics and multi-factor authentication (MFA) can help secure access where the user needs more than their name and password to log in. Access requires an additional credential, such as a voice snippet, thumbprint or facial recognition. Thus, it could help block hackers looking for a quick way to hijack.
3. Before plugging the USB drive into the vehicle, scan it first because an infected USB drive could contain malicious codes designed to compromise the vehicle.
Conclusion
Due to the dynamic and developing threat environment, even the most modern vehicle can be a target of a cyberattack. Extra measures need to be taken for security purposes through design and defence in depth. Modern vehicles with connected devices need constant oversight and protection from becoming a profitable target for cybercriminals.
