In a 2015 experiment, researchers remote-hacked a Jeep Cherokee, taking over some of the vehicle’s controls while the driver sat inside and helplessly saw it happen.
The electronics built into today’s cars and trucks — and those vehicles’ increasing connectivity — mean greater vulnerability. Possible entry points include an electronic key fob, Wi-Fi and cellular connections, radio, tire pressure monitors and more. The connectivity provided by telematics navigation and tracking systems may heighten this risk.
Speaking with automotive magazine Road & Track in 2016, industry analyst Colin Bird remarked, “Cybersecurity will be one of the toughest challenges that the auto industry will face in the next decade or two — especially as more vehicles with telematics and embedded modems make connected cars an attractive target to cybercriminals, terrorists, and nation-states.”
And hacking doesn’t relate only to the ability to overcome the controls and switches. There’s speculation that automotive electronics can be accessed for eavesdropping.
Is that a paranoid fantasy? Could be. It seemed the U.S. Central Intelligence Agency was making efforts to tap into automobiles for the purpose of surveillance. Most experts are skeptical of this claim, but vehicle telematics has undeniably been used by the authorities. Following the 2013 Boston Marathon bombing, the perpetrators carjacked a Mercedes. Boston police remotely set the car’s Mbrace2 telematics to tracking mode, enabling them to locate one of the bombers.
What to do
Considering the potential for misuse, there are measures that offer some degree of protection against hacking.
First, fleet managers and owners can make sure that fleet software is up to date. Older technology is always easier to break into because it lacks the most recent upgrades in security. Updating vehicle telematics used for any purpose, including fleet management systems, can go a long way toward protecting against cyber intruders. In many instances vehicle owners can install upgrades through firmware downloads, internet accessible in the same way as with home computers.
Another tip is to exercise caution when adding or connecting other electronic connectivity or installing apps. Third-party devices and shareware are an open back door into vehicle telematics. Most consumers are aware of computer viruses, and know how risky it can be to open an attached file in an anonymous email message. The same discretion should be practiced when considering whether to add a feature that is not part of the OEM telematics solution.
That includes an act as simple — and as potentially disastrous — as plugging a USB drive into the onboard USB port. These drives are notorious carriers of software diseases, able to infect a computer with whatever contagion they are loaded with. The same goes for a vehicle’s operating system.
One of the most effective methods of protecting equipment against hacking is one of the simplest, and the oldest: limit physical access to the vehicle itself. This includes monitoring parking areas and restricting entry to them, if possible with security cameras and fencing with lockable gates. Driver orientation and training should emphasize situational awareness, not leaving the vehicle unattended while on the road, and above all, the importance of always locking its doors. A secure vehicle is still the first line of defense against hacking — or any other type of unwanted intrusion.