Hacking Your Car Easier Than You Think: How to Protect Yourself


Moshe Shlisel knows exactly how someone can hack your car. Fortunately, he is one of the good guys. His company specializes in cybersecurity. His team researches vulnerabilities in cars to identify risks and help guard against them.

In his experience, almost all modern cars on the road today are extremely vulnerable to hacking. And, it happens in the real world, although it receives little attention and society is largely naïve about the number of car and other industrial hacks, Shlisel said.

In 2019, for example, the US Army’s Stryker armored vehicles were hacked, compromising some of their systems, according to reports published in The Drive and ArmyTimes.

In June of last year, Forbes reported that almost every automaker has been hacked and that there has been a general increase in attacks over the years. Forbes quoted Upstream’s latest Global Security report: “There was a 99% increase in cybersecurity incidents (150) in 2019 with a 94% increase year-over-year since 2016. Insurers Just beginning to realize the seriousness of the threat, and some question whether auto cybersecurity is a national defense issue. “

“The more sophisticated the system, the more connected your vehicle is, the more exposure you are,” said Shlisel, CEO and co-founder of GuardKnox Cyber ​​Technologies Ltd. in Israel with subsidiaries in Detroit and Germany. “We took any model (car) you can think of and we hack them in various places. I can control your direction, I can stop and (start) your engine, control your brakes, your doors, your wipers. , open and close your safe.

These are only a fraction of the safety risks of vehicles. Cyber ​​security experts claim that professional hackers can take over vehicle systems or access a driver’s personal data in most modern cars quite easily, even if they are sitting halfway around the world. . All they need to do is find your car’s unique Internet Protocol (IP) address.

It presents automakers with an endless task of keeping up with the evolution of technology to stay one step ahead of the bad guys. And action is being taken.

“It’s a cat and mouse game, you have to be on the ball all the time to stay ahead of the game, otherwise if you don’t move forward you get hacked,” said Michael Dick, CEO of C2A Security, which is based in Israel and works with automakers on cybersecurity solutions.

Hire pirates

Over the past 15 years, automakers have increasingly added software to vehicles.

Today there are 100 million lines of coding in a vehicle, more than in a jet, laptop or cell phone, Dick said.

Some of this software is written by automakers and some by vendors, which further complicates the process of protecting against malicious forces, he said.

“If you ask a manufacturer what kind of software is in a vehicle, they won’t be able to tell you. This is in part due to a complicated supply chain in the automotive industry, ”said Dick.

C2A Security has discovered that there are constant attacks on automotive systems such as infotainment and connectivity, possibly even safety-critical systems that go unpublished as they are typically done on a single car and stay between the hacker and the car manufacturer.

Dick expects that at some point there could be ransomware attacks on cars. This is where a driver will try to start the vehicle and get a message that says, “To start your vehicle you will need to pay 500 bitcoins. There is no way around it. You’ll have to get it towed and get brand new software to start it, ”he said.

It has already become popular to steal a credit card or personal information, which is available in the vehicle’s infotainment system, Dick said.

“These are two low-end examples,” Dick said. “I know for sure it happened… in cybersecurity labs they might have hacked cars and then they release it and tell the automaker they’re doing it to show how good they are. It has happened several times during the year.

At the end of last year, ethical hackers installed software in a drone and flew over a Tesla and opened the doors of the car, Forbes reported.

“Theoretically, you could steal a car,” Dick said.

“When these hacks are published, it means they told Tesla and Tesla fixed them,” Dick said. “But they were able to do it.”

It has also been shown, he said, that a hacker could theoretically take control of one vehicle or multiple vehicles at once, posing a threat to lives and infrastructure.

“Imagine having that attack where you take the busy freeway at 9am and malware has been installed in thousands of vehicles and everyone is losing their brakes or turning left,” Dick said. “You would potentially have thousands of deaths and that would compromise the road network.”

Hackers alert Detroit’s 3

One of the most notorious vehicle hacks took place in 2015 when ethical hackers Charlie Miller and Chris Valasek conducted a semi-controlled experiment and managed to remotely take control of a Jeep Cherokee, activating windshield wipers, detonating the radio and shutting off the engine in the middle of a freeway, ultimately landing it in a ditch, according to a Wired report.

Both caught the attention of General Motors. In 2017, Cruise, GM’s autonomous driving subsidiary in San Francisco, hired Miller and Valasek.

A year later, GM launched Bug Bounty. GM brought 10 hand-picked hackers to Detroit – technical jargon for an ethical hacker or security expert. GM paid them a bonus or cash payment for each “bug” they discovered in any of GM’s vehicle computer systems.

GM ended its private Bug Bounty program in 2019, but has an active bug bounty program through its HackerOne vulnerability disclosure program. HackerOne is a forum for ethical cybersecurity researchers to report various security vulnerabilities to companies.

Fiat Chrysler, now called Stellantis, has been running a similar program since 2016. According to the Bugcrowd report, the automaker awarded 542 benevolent hackers for finding vulnerabilities over the years. It pays them between $ 150 and $ 7,500 for each vulnerability discovered. Over the past three months, the average payout per vulnerability was $ 422.98, Bugcrowd said.

Earlier this year, ethical hackers alerted Ford Motor Co. that its internal system filled with confidential confidential information was not protected from hostile forces. Ford said he believed he had circumvented a security breach.

Driving a car from the 60s

Dick said, “If you want to be safe you have to drive in a car from the 60s.”

It’s a bit extreme, but Adams and Shlisel offer other tips for car owners to protect themselves against cyber hacking beyond what automakers do with cybersecurity.

– Consumers should demand that regulators require automakers to pass the same type of cybersecurity exam as they do for safety assessments.

– Do not connect devices via bluetooth to your car unless the device providers can assure you that the device is protected.

– Keep your mobile phone up to date with the latest security checks available.

– Create and use strong passwords for your OnStar account or in-vehicle Wi-Fi.

– Do not insert unreliable peripherals into the USB port. If you find a USB flash drive on the floor, don’t plug it in to find out what’s inside.

© 2021 www.freep.com. Visit freep.com. Distributed by Tribune Content Agency, LLC.

Source link

Leave A Reply

Your email address will not be published.