Tag Archive for: car

Car Thieves Can Hack into Today’s Computerized Vehicles

/in


These days, cars are computer centers on wheels. Today’s vehicles can contain over 100 computers and millions of lines of software code. These computers are all networked together and can operate all aspects of your vehicle.

It’s not surprising, then, that car theft has also become high-tech.

The ones and zeros of getting from A to B

The computers in a vehicle can be divided into four categories. Many computers are dedicated to operating the vehicle’s drive train, including controlling the fuel, battery or both, monitoring emissions and operating cruise control.

The second category is dedicated to providing safety. These computers collect data from the vehicle and the outside environment and provide functions like lane correction, automatic braking and backup monitoring.

The third category is infotainment systems that provide music and video and can interface with your personal devices through Bluetooth wireless communications. Many vehicles can also connect to cellular services and provide Wi-Fi connectivity. The final category is the navigation system, including the car’s GPS system.

Computers in one category often need to communicate with computers in another category. For example, the safety system must be able to control the drive train and the infotainment systems.

One difference between the network in your car and a typical computer network is that all devices in the car trust each other. Therefore, if an attacker can access one computer, they can easily access other computers in the car.

As with any new technology, some aspects of today’s cars make it harder for thieves, and some make it easier. There are several methods of stealing a car that are enabled by today’s technology.

Hijacking wireless keys

One of the high-tech features is the use of keyless entry and remote start. Keyless entry has become common on many vehicles and is very convenient. The fob you have is paired to your car using a code that both your car and fob know, which prevents you from starting other cars. The difference between keyless entry and the remotes that unlock your car is that keyless entry fobs are always transmitting, so when you get near your car and touch the door,…

Source…

Subscription Fees Get Mixed Results from Car Buyers

/in


A year after BMW began selling subscriptions to use its vehicles’ heated seats in South Korea, and with General Motors predicting annual software and services revenue of $25 billion by the end of the decade, S&P Global Mobility has surveyed nearly 8,000 consumers on the topic of vehicle feature subscription services.

S&P Mobility reported the results of its survey yesterday, saying that car-shoppers are largely satisfied with subscription-based infotainment services, but data security and privacy are concerns.

According to S&P Mobility, fewer than 30% of survey respondents are willing to pay for heated seats or a heated steering wheel by monthly subscription, and navigation and safety/security features were the ones most desired in respondents’ next vehicles.

As for infotainment subscriptions, the survey found that consumers favor their smartphone over their vehicle where features are redundant. Gen Z and Millennial respondents are most likely to drop connected-services subscriptions because of similar services on their smartphones, says S&P Mobility.

This could explain GM’s decision last year to remove Apple CarPlay and Android Auto user interfaces from its forthcoming electric vehicle lineup, opting for the company’s own infotainment system instead. According to S&P Mobility, GM sees an opportunity in consumer usage data.

“GM cannot get consumers’ usage data from the infotainment system if users only connect via third party apps like Apple CarPlay and Android Auto,” says Fanni Li, connected car services research lead at S&P Global Mobility. “Having this data on their own will become one of the competitive advantages for OEMs.”

When it comes to data collection, 37% of respondents worry about security issues, while 32% fail to understand the value that a connected service would provide from the shared data, says S&P Mobility. At the same time, the survey reported 31% of consumers “feeling comfortable” with OEM’s collecting their data.

These concerns did not seem to alter respondent subscribers’ attitudes towards subscription services, however. S&P Mobility reports in a subset of about 4,500 respondents who had experienced a free trial or an existing…

Source…

Ask Hackaday: Does Your Car Need An Internet Killswitch?

/in


Back in the good old days of carburetors and distributors, the game was all about busting door locks and hotwiring the ignition to boost a car. Technology rose up to combat this, you may remember the immobilizer systems that added a chip to the ignition key without which the vehicle could not be started. But alongside antitheft security advances, modern vehicles gained an array of electronic controls covering everything from the entertainment system to steering and brakes. Combine this with Bluetooth, WiFi, and cellular connectivity — it’s unlikely you can purchase a vehicle today without at least one of these built in — and the attack surface has grown far beyond the physical bounds of bumpers and crumple zones surrounding the driver.

Cyberattackers can now compromise vehicles from the comfort of their own homes. This can range from the mundane, like reading location data from the navigation system to more nefarious exploits capable of putting motorists at risk. It raises the question — what can be done to protect these vehicles from unscrupulous types? How can we give the user ultimate control over who has access to the data network that snakes throughout their vehicle? One possible solution I’m looking at today is the addition of internet killswitches.

The Scope of the Problem

[Chris] and [Charlie] remotely hacked into a Jeep, disabling its brakes remotely and sending it careening into a ditch.

As any hacker knows, a connected computer is a vulnerable computer. In vehicles, not only are the embedded systems connected to the internet, but they’re also capable of controlling vital safety systems. While many wrote off these concerns as unrealistic, the uncomfortable truth came home to roost in 2015. Security researchers [Charlie Miller] and [Chris Valasek] were able to remotely take control of a Jeep Cherokee, with just a laptop and a 3G data connection. The duo were able to scan the internet for further targets, and could even track various Chrysler automobiles around the country thanks to GPS and their in-dash entertainment systems.

This discovery led to the recall of 1.4 million vehicles, with Chrysler sending out firmware upgrades on USB drives to patch…

Source…

Protect yourself from hackers taking control of your car

/in


The right software can turn your smartphone into a spy device that watches everything you do. Scary, I know.

Here’s how to check if your phone is infected.

While you’re at it, check your computer. These are the signs that stalkerware is hard at work tracking your web activity, searches, and even the passwords you type in.

Shockingly, your car isn’t immune. With the proper electronics and software techniques, a determined hacker can intercept or block your key fob signal, infiltrate your car’s software, and even remotely control your vehicle.

So, is your connected car hackable? Most likely, yes. Here’s how.

Software hacks

Compromised car apps: Does your car have a smartphone app that allows you to unlock and start it remotely? Almost every car manufacturer offers this convenience in some makes and models.

Account usernames and passwords protect these apps. If hackers can break into your account or exploit a bug in the car’s software, they can compromise your entire vehicle.

My advice: To protect your remote start app, change the default password, use strong and unique credentials and never reuse your passwords from other services. Enable two-factor authentication if you can, and keep that software current.

Telematics exploits: Telematics is the broad term describing a connected system that remotely monitors your vehicle’s behavior. This data may include your car’s location, speed, mileage, tire pressure, fuel use, braking, engine/battery status, and driver behavior.

By now, you know anything connected to the internet is vulnerable to exploitation. Hackers that intercept your connection can track and even control your vehicle remotely. Now that’s scary.

My advice: Before you get a car with built-in telematics, consult with your car dealer about the cybersecurity measures they’re employing on connected vehicles. If you have a connected car, ensure its onboard software is always up to date.

Networking attacks: Here’s a throwback. Cybercriminals can also employ old-school denial-of-service attacks to overwhelm your vehicle and potentially shut down critical functions like airbags, antilock brakes, and door locks.

This attack is…

Source…