The US Federal Bureau of Investigation issued a warning about the vulnerability of “smart” cars to hacking attacks, stressing that manufacturers should carefully integrate new on-board systems that could allow attackers to remotely control critical vehicle functions.
“Vehicle hacking occurs when someone with a computer seeks to gain unauthorized access to vehicle systems for the purposes of retrieving driver data or manipulating vehicle functionality,” reads the FBI advisory, issued in collaboration with the National Highway Traffic Safety Administration. “While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk. Therefore, the FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”
The FBI bases it’s warning on past successful hacks on various cars that featured inter-connected and internet-connected systems. The hackers gained remote control over critical systems, such as disabling breaks, shutting down engines, tampering with steering, and even tampering with door locks and turn signals at high speeds.
Warning consumers to update their vehicles firmware whenever manufacturers make updates available, the FBI also urged caution when using third-party devices that connect to in-vehicle systems.
“While manufacturers attempt to limit the interaction between vehicle systems, wireless communications, and diagnostic ports, these new connections to the vehicle architecture provide portals through which adversaries may be able to remotely attack the vehicle controls and systems,” warns the advisory. “Third-party devices connected to the vehicle, for example through the diagnostics port, could also introduce vulnerabilities by providing connectivity where it did not exist previously.”
Consumers who already own such vehicles are also encouraged to take minimum security precautions by adhering to the following checklist:
- Verify any recall notices received by following the steps for determining whether a vehicle has been recalled for a vehicle cyber security issue, as outlined above.
- Check on the vehicle manufacturer’s Web site to identify whether it has issued any software updates.
- Avoid downloading software from third-party Web sites or file-sharing platforms.
- Where necessary, only use a trusted USB or SD card storage device when downloading and installing software to a vehicle.
- Check with the vehicle dealer or manufacturer about performing vehicle software updates.