Car Hacking - An overview

by Arnold Prakash - Intern

Car Hacking - An overview

A car consists of multiple computers to control the engine, transmission, windows, locks, lights, etc. These computers are called electronic control unit (ECU) and communicate with each other over a network. For example, when you press the button on your steering wheel to increase the volume of the radio, the steering wheel ECU sends a command to increase volume to the network, the radio ECU then sees this command and acts accordingly. There are multiple networks in a car, generally at least two: One for critical data such as engine and powertrain messages And one for less critical data such as radio and door locks. The critical network uses a fast and reliable protocol whereas the non-critical network uses a slower, less reliable but cheaper protocol. The number of networks as well as which ECUs are networked together depends on the car make, model and year. An ECU could also be connected to multiple networks.

Key Fob Hacks

The most common way hackers gain access to cars today is through the computerized key fob — often in order to steal the vehicle (or what is inside of it). This is typically done by spoofing or cloning the signal that a car and key use to communicate with each other.

Mobile App Hacks

Automotive mobile apps is good for consumers, but the increase in their utilization has also given hackers new ways to access automobiles. And when hackers gain access to the information and control available in automotive apps, the results can be devastating.

Server Hacks

Server hacks have the potential to be catastrophic in more ways than one, as breaking into a central server gives hackers access to everything: sales data, mobile apps, and even the controls of every vehicle connected to it. This can lead to multi-vehicle or fleet-wide attacks, which are extremely risky to all parties involved, from OEMs to telematics service providers, and companies who manage fleets to the drivers themselves.

OBD-II ports

Onboard Diagnostics (OBD) Refers to any vehicle’s ability to register and report issues that may occur or have occurred within the system. Examples include low-performance, low-fuel economy and heavy emissions. OBD-I was first introduced in 1987 to standardize the onboard diagnostics across the industry. If you own a car built after 1996, however, it probably has an OBD-II port. This port can be accesses using OBD tools and your car can be monitored/controlled remotely too. So don’t let anybody connect any devices to your OBD port.

“If there was a war or escalation with a country with strong cyber-capability, I would be very afraid of hacking of vehicles,”

-Justin Cappos

How to protect from a hacking?

Most of the things are to be done from the manufacturer's side but still let’s take some precaution from our part.

Key Fob Hacks

  1. Don’t program your home address into GPS: It may be convenient, but car thieves and hackers can use your GPS to find your home address. And if they have access to your garage door opener, they can get into more than your car: they can get into your home as well.

  2. Limit wireless or remote systems: Systems that disable or monitor your vehicle remotely place you at the most risk. While many other systems are hard-wired into your vehicle’s computer, wireless or remote systems are often controlled online and are more vulnerable and attractive to hackers.

  3. Don’t leave your password in your vehicle: Hacking can happen physically inside your vehicle as well. A car thief who finds your password, for example, can take over your account. That means the feature that allows you to remotely shut off your engine when you report the vehicle stolen will be useless.

  4. Go to reputable shops: Anyone with physical access to your vehicle and hacking know-how can cause problems for your vehicle. So, when you’re leaving your car at a shop, whether for minutes, hours, or days, you’re taking a chance that someone can easily hack it — and even make it appear that you need repairs that really aren’t necessary. They may also be able to get access to information such as your driving data history. Only use shops and dealerships that you know you can trust not to take advantage of your car’s computer systems.

  5. Don’t download untrusted apps or use your car’s Web browser: Your car’s infotainment system is unprotected and ripe for the picking. Untrusted apps in your infotainment system can introduce malware. You should never use the Web browser on your vehicle, either. Simply use your mobile phone instead while safely parked.

  6. Buy a vehicle with Android Auto or Apple
    Using your smartphone to manage your car’s entertainment system can be more responsible than a freestanding infotainment system. If you’re taking mobile security steps, this will make your system more secure.

  7. Buy an old car and wait for auto manufacturers to catch up: This may not be a real option for many drivers, but Luddites can simply buy a vehicle that predates many of the connected features that make vehicles vulnerable today while manufacturers get up to speed and learn how to better protect vehicles and their drivers from hacking vulnerabilities.