FBI and NHTSA Say All Cars Can Be Hacked

Wed, 4/18/2018 - 7:05 pm by Kirsten Rincon

FBI logoDrivers have been increasingly worried about the possibility of their cars being hacked lately, especially after two hackers managed to remotely take control over a Jeep Cherokee last summer.

While automakers try to assure the general public that cars are well protected against such threats, fears over cybersecurity issues are largely justified, given the fact that modern vehicles are equipped with high-tech connectivity and wireless communications features that make them vulnerable to remote hacking attacks.

Now, U.S. federal authorities have publicly acknowledged the fact that car hacking is possible, warning car owners of the potential security risks associated with connected vehicles.

PSA on Vulnerabilities to Remote Attacks

The Federal Bureau of Investigation (FBI) and the National Highway Traffic Safety Administration (NHTSA) have issued a warning about potential cyber security risks for modern vehicles, in the form of a public service announcement that is prompted by media reports from July 2015 that showed how vulnerable cars are to remote attacks.

The warning focuses on vulnerabilities of wireless communications that today’s cars are equipped with, in addition to aftermarket in-car connectivity products. The main goal of the announcement is to educate consumers of potential threats and make manufacturers work on improving cybersecurity.

Electronic Control Units in the Focus

The FBI and the NHTSA state that in most cases, hackers use electronic vehicle control units (ECUs) to break into cars remotely.

“Motor vehicles contain an increasing number of computers in the form of electronic control units (ECUs). These ECUs control numerous vehicle functions from steering, braking, and acceleration, to the lights and windshield wipers. A wide range of vehicle components also have wireless capability: from keyless entry, ignition control, and tire pressure monitoring, to diagnostic, navigation, and entertainment systems,” reads the statement.

On top of that, the warning notes that third-party devices that also provide connectivity in cars after being plugged into a car’s diagnostic port are another source of vulnerability to remote exploits.

Hackers can use the above-mentioned vulnerabilities to gain access to various vehicle control systems, resulting in serious safety risks for vehicle occupants. The warning cites a study that showed exactly how attackers could manipulate a vehicle remotely if they manage to gain access to some of its systems. In the experiment noted by the FBI and the NHTSA, researchers managed to take over a car’s steering system, disable its brakes and shut the engine down, at speeds between 5 and 10 mph.

While the vehicle was moving at higher speed, attackers were able to lock the doors, activate the turn signals, access the tachometer, as well as the radio, the HVAC system and the GPS.

Update the Vehicle Software and Be Extra Careful When Using Third-Party Devices

The public service announcement concludes with several tips on how car owners can protect themselves against cybersecurity attacks. One of the main things that consumers can do is ensure that their vehicle software is up to date, as well as be very careful when choosing what kind of third-party device they plug into their cars.