Cars are becoming increasingly fueled by tech — are you keeping up? Here's how to boost your car's cybersecurity to ward off hackers.
Car hacking becomes a reality as cars get smarter
The latest auto technology comes with huge benefits, but also some potential risks. We're talking about car hacking. No, it's not common. Yes, it's very possible. Intrigued? So were we. As part of our commitment to making car insurance —
and all things driving related — surprisingly painless, we're providing drivers with some simple tips to protect their cars from being hacked.
How cars get hacked
Car hacking involves manipulating a car's code to gain access to its electronic control units (ECUs). These ECUs control everything from basic dashboard functions to the engine and brakes. A modern vehicle can contain up to 100
ECUs, giving potential hackers a number of entry points into a car's computer systems.
If you have a more modern vehicle equipped with connectivity features, it's smart to stay up to date on car technologies and how they may affect you and your ride. For now, traditional break-ins are much more common than hacks,
and the likelihood of your car being criminally hacked is extremely small. As cars become increasingly interconnected and autonomous, though, it's a good idea to take your car's cybersecurity seriously.
Read on to learn more about how to protect your car from five of the top car hacking techniques.
1. Hacking your keyless entry remote
If you have a few hundred dollars and no regard for the law, it's pretty easy to hack a car through its keyless entry remote. This is because keyless entry remote systems use wireless or radio signals to unlock cars.
Using devices that are able to transmit electronic signals through walls, hackers are able to "amplify" these wireless signals, tricking the car into thinking the key fob is close by and unlocking the car.
Keyless entry remotes
- Store your key fob in the refrigerator overnight — the metal blocks the fob's signal, so hackers can't intercept and amplify it. Or, if you don't want your roommate asking questions, use a radiofrequency-shielding bag.
This may sound like something out of a science fiction movie, but it's actually just a small pouch you put your keys in. In addition to protecting your car from hackers, you're also less likely to misplace your keys! With starting prices as
low as $10, they're affordable and available through major online retailers like Amazon, eBay, and Walmart.
- As an added measure of protection, you could also install a steering lock mechanism. If they can't steer it, they can't steal it. Steering wheel locks are readily available in local hardware and auto parts stores, as well as
in big box stores like Walmart and Target. You can also find them online. Prices vary, but steering wheel locks can be bought for as little as $15. As an added bonus, a steering lock helps prevent traditional car thieves as well.
2. Hacking your entertainment system
In an effort to provide the same level of convenience and connectivity as your smartphone, most automobiles feature highly sophisticated entertainment systems. These can offer navigation, be used to make phone calls, and even create a Wi-Fi hotspot.
Due to their cellular connection, these entertainment systems offer an easy in for hackers if they're not equipped with proper safety features. Theoretically, when a car has its own hotspot, anyone who knows the IP address can gain access to the
entertainment system and then move throughout the car's computer systems, controlling everything from windshield wipers to brakes.
"From an attacker's perspective, it's a super nice vulnerability," Charlie Miller told Wired journalist Andy Greenberg. Charlie, with colleague Chris Valasek, famously hacked a Jeep Cherokee via its Uconnect entertainment system
- Look for cars with Apple CarPlay or Android Auto systems. They have better security than automotive entertainment systems. Check out the links above to see which car models are compatible with these
- Consider buying your car from a company that rewards white hat hackers who point out software vulnerabilities. General Motors and Tesla are among the first to do this, and while other companies haven't officially joined their
ranks, it will likely become more common as automakers up their cybersecurity game.
- Update your software frequently to fix vulnerabilities as soon as they become known. Previously, you would typically only hear about a software update if it was part of an official recall or if the automaker faced a lawsuit
unless it updated the software. But now automakers such as Tesla, Ford, and General Motors are letting drivers know about software changes via over-the-air (OTA) updates, which you can then use to update your car's software
without making a trip to the dealership.
Prior to the rollout of OTA updates, car owners had to return to the dealership if a vulnerability was detected. With OTA updates, automakers are able to push updates directly to owners, who simply have to authorize the software update through
their car's entertainment system — similar to how you'd update the operating system of a smartphone.
Since a mechanic usually charges an hour of labor to update software, OTA updates are a hassle-free and money-saving alternative. However, if your problem is critical and related to basic driving functions such as steering and brakes, you may
still want to take your car into a shop.
3. Hacking your car through your apps
Car-linked smartphone apps are an easy way to start your engine or unlock your car. Rather than directly linking to your car, they send a request to a cloud service that's forwarded to the car via cellular link. The car trusts the signals coming
from the cloud service. However, if a hacker compromises the app and sends new signals to the cloud service, the car won't know the difference and will do anything it's instructed to do.
It's also possible to hack cars by encouraging users to download malicious apps. In one test scenario, a hacker created a free Wi-Fi hotspot and encouraged car owners to download an app that would get them a free meal at a nearby
burger shop. Malware in the app exposed their username and password the next time they logged on to the Tesla app. The hackers then tracked the car, got in it, and drove away without ever touching the keys. Sounds scary, but there are super
simple ways to stay protected.
- Avoid using a smartphone app to start or unlock your car unless it's equipped with two-factor authentication, which is a two-step authentication process that uses multiple methods to verify who you are and protect your credentials. Instead of asking for a password or PIN only, apps with two-factor authentication will require an additional security factor such as a fingerprint or security question.
- Beware of phishing attempts — don't download any apps that aren't reputable. Does the app have a lot of positive reviews? Check out the developer's website to find out. If they've put out a lot of popular apps, they're probably not going to be pushing malware. Always be aware of the permissions you give an app such as location and camera access.
4. Hacking your car's "black box"
If your car was built and sold in the U.S. after 1996, it was required to have an on-board diagnostics system, also known as the OBD. The OBD can be found under the driver-side dash and acts like a black box for
your car. It monitors emissions, mileage, speed, and other data, and is often used to gather information about what happened just before a crash.
In order to read and relay the computer's information, a device called a dongle must be plugged into the OBD port. The dongle monitors driving behaviors and habits and can send the information to a mobile device via Bluetooth or Wi-Fi.
When the dongle is plugged into the car's OBD port, hackers can compromise the OBD by connecting to the dongle via Bluetooth or Wi-Fi. They can then use this entry point as a backdoor to hack your car's other computer systems.
On-board diagnostics system
- Install an OBD lock to protect your car's computers from potential thieves. The fairly inexpensive device plugs into your OBD port and blocks access to the computers. Bonus: it not only protects you from remote car hackers, but also from traditional car thieves who could physically break into your car and compromise your OBD port with a malicious plugin.
- Research the safety features of a dongle before connecting it to your OBD port. While there are big benefits to connecting a dongle to your OBD system — like the ability to monitor your car's performance and locate your vehicle — there are a few things to be aware of. Ideally, dongles should only receive computer messages from the car, and not send them. Remember that "anything that is connected to the car and the Internet provides additional attack surface, especially when it is plugged into the diagnostic port," says Chris Valasek.
5. Hacking your car through the USB port
A USB drive that's been infected with a virus or malicious software can compromise your car.
There are a number of reasons you may plug a USB drive into your car — maybe you have music downloaded to the drive for a long road trip, or maybe your car manufacturer sent you a new drive that contains software updates.
The real kicker here is that USB drives can be infected with viruses without your knowledge. A virus on a computer can spread to any thumb drive plugged into it, and inadvertently downloading malicious files onto a thumb drive can compromise the drive as well.
When you plug a drive into your car's USB port, the system automatically accesses and runs the files. So while you think you're just listening to music, you may actually be infecting your car with malware.
Even if you don't plug thumb drives into your car, the USB port is still a vulnerability. A hacked phone that's plugged into your car via USB gives hackers access to your car's various ECUs, which control anything from the engine and transmission
to windows and door locks. Be extra careful about your phone's security if you regularly connect it to your car via USB.
- Don't plug unknown USB drives into your car.
- USB drives can easily be compromised and corrupted. Programs like VirusTotal and Sandboxie (for PC users) will analyze the files on the USB securely, checking for potential viruses or malware.
Protecting your vehicle is surprisingly painless
At this point in time, it's still unlikely that a hacker will take remote control of your vehicle. However, it's important to note that wherever computers are present, hacking is a possibility.
"Hacking isn't a common risk right now, but it's something we should be aware of as cars get smarter," says Eric Brandt, Chief Claims Officer at Esurance. "Esurance is all about making insurance simple, transparent, and affordable. One way we
do that is by highlighting risks drivers might not be aware of, so they can avoid them altogether."
As cars become more and more computerized, the possibility of hacking remains a concern. Overall, however, the advances in technology are only propelling the industry forward.
"The good news is, the advantages we've already seen from car tech far outweigh the risks," says Brandt. "Crash avoidance technologies like lane departure warnings, dynamic braking systems and blind-spot detection are making cars much safer —
and are poised to reduce the frequency and severity of accidents. It'll save people money on auto repairs and car insurance. But more importantly, the technology can save lives."
As far as hacking crimes such as keyless theft are concerned, you can sleep easy knowing comprehensive coverage — which covers you for loss or damage caused by theft — is at your side.
With the right amount of know-how and a few surprisingly painless tips, Esurance is here to help you stay safe — and stay protected. Get your quote today and see how simple and affordable insurance can be.
FBI | USA Today | IoT Agenda | Wired | Inside Secure | Autoevolution | Promon | NHTSA | McAfee | Illmatics | TechCrunch | Ponemon Institute | Consumer Reports