FOX Carolina 21

Hacking – Are you Safe in your car?

Ever had your computer held for ransom? A message pops up on your laptop screen and reads, “We will give you the code to unlock your computer if you pay us $300 dollars, and if you don’t pay, we will delete all your files.”

Now this phenomenon can occur with your car. Yes, you read that correctly — your car can be hacked and held for ransom.
I suppose that this was inevitable. Your computer, phone, tablet, appliances and car are all connected to the Internet or a network of some sort. Since 2008, most all cars have been equipped with on-board computers. Nearly everything is monitored from GPS, Oxygen Sensors and Air Pressure Sensors to a dongle provided by insurance companies that monitors driving habits so one can qualify for a “good driver discount”. (US based Progressive Insurance uses a dongle called SnapShot, a device placed in more than two million vehicles.)
Hacking red_alert

 

The dongle, which plugs into the OBD-II diagnostic port, collects data on how many miles are driven, what times of day a vehicle is in operation and how hard a driver brakes. In exchange for this driver data, prudent drivers can receive discounts as large as 30 percent off their premiums.

Having all of this technology in our autos can provide some great benefits. Unfortunately, these benefits may not be best for our safety. In 2013, both a Ford Escape and Toyota Prius were hacked by two Darpa-funded security researchers who spent months hacking into the respective systems and terrifying each other with tricks, including slamming on the brakes or hijacking the vehicles’ steering, with digital commands sent from a laptop plugged into a standard data port under the dash.

Now just two years later, the hacking has gone wireless and you no longer need to connect to the standard data port on a car. There are new exploits that are being cracked on a daily basis.

Security research authority, Corey Thuen stated (in a recent interview with Forbes Magazine), “The firmware running on the dongle is minimal and insecure. It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies … basically it uses no security technologies whatsoever.”

Just last week (August 11, 2015) hackers were able to cut a Corvette’s brakes via a common dongle that is used for monitoring for a company called Metromile. Metromile is a per-mile insurance company that basically tracks your vehicle mileage and if you drive less, you pay less. One security expert stated, “The security deficiencies are numerous for these dongles and there are no security measures in place to protect the common consumer from knowing that their car is vulnerable to attack. “

The use of the vulnerable dash dongles will extend past typical consumers, too. There was an executive order from the White House in March that called for federal agencies with fleets of more than 20 vehicles to use the dongles to improve vehicle efficiencies.

Not only will dash dongles be used but eventually the local and federal government is working on a mandate all vehicles feature a black box tracking device capable of reporting real-time vehicle location, speed, and mileage directly to federal authorities. This will just be another point of access for a hacker to ahold your car ransom.

Our planet is shrinking on a massive scale due to the advancement in technology. I, for one, am the first to yell, “LETS GO FORWARD”, but with this caveat, I definitely don’t want HAL running my life or my safety compromised by another person when driving.

A word of advice! Be careful what you install and connect to the Internet, if it can be connected — it can be hacked, will be hacked or has been hacked.

Author: Deveren Werne – Your Go To IT Guy and InnoVison Board Member
Deveren Werne is the Founder, Designer and Consultant of Greenville-based Mojoe.net.

Mojoe.net, mobile app, Web Design, Web Development and IT SupportIf you would like to discuss Your Logo with Mojoe.net or your website’s analytics, custom logo designs, social media, website, web application, need custom programming, or IT consultant, please do not hesitate to call us at 864-859-9848 or you can email us at dwerne@mojoe.net.