This week the FBI warned that consumers and manufacturers should remain vigilant to computer attacks targeted at automobiles. In a joint press release with the Department of Transportation and the National Highway Traffic Safety Administration (NHTSA), the FBI cautioned that motor vehicles are increasingly vulnerable to remote exploits, allowing hackers to sever the brakes and control the steering. As unsuccessful as we’ve been in the ongoing struggle with malicious hackers over control of our mobile phones and bank accounts, I can only imagine where this will lead.
“The FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles,” the agencies released in a statement Thursday. “With this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.”
Back in the summer of last year, two security researchers—Charlie Miler and Chris Valasek—remotely hijacked a Jeep Cherokee. Through software vulnerabilities in the code powering the vehicle, Miller and Valasek sent commands to car that gave them control over the entertainment system, the steering and braking systems, the climate system, and other software-controlled functions within the vehicle. “When you lose faith that a car will do what you tell it to do,” Miller said in an interview at the time, “it really changes your whole view of how the thing works.”
According to the FBI, using a cellular signal or the user-enabled WiFi within the vehicle, Miller and Valasek were able to manipulate:
- In a target vehicle, at low speeds (5-10 mph):
- Engine shutdown
- Disable brakes
- In a target vehicle, at any speed:
- Door locks
- Turn signal
- Radio, HVAC, GPS
After Miller and Valasek identified the vulnerabilities within the Jeep Cherokee, Chrysler issued a 1.4 million vehicle recall and mailed USB drives to owners with updated software to fix the exploits.
Most vehicles today run software. Many of them now possess Wifi within the vehicle or allow some wireless connectivity to the car via cellular signal. Over 30 GM models in the Chevy, Cadillac, Buick, and GMC lines come optionally equipped with 4G LTE. “We’re excited to give millions of customers an opportunity to explore the technology,” said Mary Chan, president of GM’s OnStar subsidiary operating the maker’s 4G service.
It’s evident that as more cars are connected to the outside world (and the Internet), we can expect more problems. So what are we supposed to do?
If your car has Wifi connectivity, the FBI recommends:
- Ensure your vehicle software is up to date. If you are unsure if it is, call your vehicle manufacturer and ask how to determine the software version you have and if it’s the most recent. If it isn’t, take your car to the dealer and have them upgradte it.
- Be careful when making modifications to the vehicle software. If you modify the software on your own, you may open up additional vulnerabilities.
- Maintain awareness and exercise discretion when connecting third-party devices to your vehicle. This includes USB drives, iPods, mobile phones, etc. If you can plug it into your car or connect to it via Bluetooth, you are creating a vector for attack.
- Be aware of who has physical access to your vehicle. They may install software without your knowledge, giving them remote control to systems within your car.