07.08.14

Connected Cars: Hackers next target

Connected cars are a reality, but are they secured?

Private information, software updates and specialized applications for Connected Cars are the three main areas under which hackers can initiate attacks.

The industry can no longer ignore the security problems associated with the communication and internet services that are included in the new generation of Connected Cars. Today it is much more than just ‘park your car safely’.

Access to social networks, email, smartphone connectivity, calculating routes, interior applications and more. These technologies offer great benefits for drivers, but also bring with them new risks to users. That is why it’s necessary to analyze the various channels that can lead to cyber attacks, accidents or even vehicle maintenance fraud.

Private information, software updates and smartphone applications connected to the vehicle can make three different forms of hackers’ assault from the network.

Connected Cars can open gate to threats that exist in PC and smartphones world. For example, the owners of Connected Car may find that their passwords were stolen, which could reveal the location of the vehicle and even allow the doors to be opened remotely.

Privacy issues are critical, and members of the industry today must be aware of the new risks that simply did not exist before.

More examples could be using familiar methods such as phishing, type recording and social engineering. These could lead to unauthorized access of an external entity to user data and then to the vehicle itself. Hence, mobile app can be installed using the same privileges, and may allow remote control of the entire car.
If you run the remote opening of the vehicle from a mobile device, you are actually creating a new set of keys to your car. If the application is not secure, anyone who steals the mobile device can have access to your vehicle. With a stolen phone it is possible to change application databases, create bypass to any PIN code verification and allow hackers to operate options on remote.

Drivers for Bluetooth systems are updated via downloading a file from the car manufacturer and installation via USB. If this file is not encrypted or signed, and includes information about internal systems operating the vehicle, it could allow hackers to penetrate the system and run malicious code in it.

Some functions are associated with the SIM card inside the vehicle using SMS communications. Hacking into such communication channel could allows sending fake messages, and even replace the car manufacturer’s communications with the hacker’s own provisions and services.