Hacking Cars Getting Easier and More Dangerous

If your car is in any way connected to the Internet, it can get hacked into. You know it’s only a matter of time before hackers begin infiltrating motor vehicles in droves, being that vehicles are plagued with hundreds to thousands of security vulnerabilities.

11DThis hack is more serious than you think. Drivers and passengers should be aware that “flawed” and compromised vehicles can suddenly be overtaken remotely, forced into shutting down the engine in the middle of a highway or drive the car into other cars.  And it’s not just cars, but 18-wheelers and busloads of people.

In fact, white-hat hackers (the good guys) have even demonstrated that a bad hacker could take control of a motor vehicle, ranging from annoying pranks such as turning on the windshield wipers and radio, to potentially lethal actions like stopping the engine.

Hackers could demand ransom from governments in bitcoins for the return of the vehicles’ control to their drivers. Or, as the Assistant Attorney General for National Safety has indicated, “connected cars are the new battlefield”. Connected cars could be used by terrorist organizations to create havoc on mass scale.  The possibilities are limited by the imagination.

This concern has motivated the FBI, Department of Transportation and the National Traffic Safety Administration to issue a public safety alert, warning consumers to keep their service schedule in order to enable to upgrade cars’ software with remedies to those security vulnerabilities.

Solutions are available and in the works.

  • If your car has any web connecting abilities, do your research for year/make/model. Searched “hacked” along with the cars particulars.
  • Manufacturers that have discovered security vulnerabilities (often because a researcher makes it public) have offered subsequent patches in response. These notices may come in the mail or through a dealership.
  • It’s important to check with your cars manufactures website to determine if a vulnerability exists.
  • A connected vehicle has ECUs: electronic control units. An article in Fortune says Karamba Security’s “Carwall” can detect and thwart cyber attacks. Carwall is like a firewall for your vehicle ECU. It detects anything that’s not permitted to load or run on ECUs.

When the ECU software is being built, security software can be seamlessly embedded, becoming part of the entire process. No change of code, no developers’ know-how, no false positives and no hacks. Problem solved.

New app stores house or car keys online. Is it safe?

Ever lock yourself out of your car or home? I’ve done each at least once this year; that’s about my average. After the last time I got stuck on the cold side of my front door, I decided to go with keyless locks for my home, specifically the Schlage Touchscreen deadbolt, and it has solved my problem. But then there’s still my vehicle to consider; while autos are now available with keyless door locks too, I haven’t graduated to that just yet.

Anyway, I was made aware in the comments of a post of an innovative startup called KeyMe, which is a smartphone app you use to take a photo/scan of the keys you want to have a virtual backup of. Once the backup is made, it’s stored online, and users can download instructions to provide to a locksmith who will be able to make a duplicate. KeyMe also offers kiosks, which are rolling out in certain cities as a test pilot. At the kiosk, you’d simply alert the kiosk via the app of the instructions to make you a new key. But one commenter was concerned of the safety and security of posting your keys online and then getting hacked.

So, is KeyMe safe?

Certainly, if your digital copies of home or auto keys ended up in the wrong hands, that would be an issue. Today, any site storing personal information has an obligation (and it’s in its best interest) to ensure a user’s security by encrypting the user’s data and adding multiple layers of protection in the form of hardware and software, as well as physical security at the server level.

So, at its face value, I’d say the data is safe. However, I’d recommend not posting any associated names or addresses with an account like this. Use an obscure username, and consider using an email not associated with your real name. And make sure your devices are password protected so if your device is lost or stolen, a criminal doesn’t have access to your house keys. Keep your devices’ antivirus up to date, and get a home security system because if all else fails, even keyed access will set off your alarm.

 And sign me up! I need this!

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on Fox Boston. Disclosures.