Is it possible to hack a car? What are the risks?
Due to the new systems and technological advances that more and more vehicles incorporate, the cybercrime in the automotive sector is already a real risk. Hackers can access your car and manipulate the brakes, the engine (even when running) or start it without a key and at a distance. All this, among many other things, is not science fiction: it is possible and relatively simple.
With this growing dependence on technology and our increasing connection to the Internet, we are also more likely to be victims of a cyber attack, in any form. That’s why, today, state-of-the-art cars are vulnerable to being manipulated by these crackers, who have manufacturers in their sights.
The most frequent cyberattacks on cars
Among the cyber attacks on a car, is the one that affects the key-free access system, that is, the one that allows you to access or start a car without having to take the key out of your pocket. They can copy the signal of the control, by pressing the button to open or close the doors, to access it, steal the vehicle or whatever is inside.
This is not their only form of access: cybercriminals can also use the bluetooth, linked between car and phone, to access your personal data and any information of importance for their benefit. In this way, they can spy on you, impersonate your identity, know your exact position, etc.
They can also directly harm your physical integrity, causing an accident to the take control of the brakes, the direction or disabling the airbags. And, to top it off, they can manipulate the eCall system (or car emergency call) so that they don’t assist you if you have an accident.
In addition to all this, they can manipulate GPS information or access through apps that allow you to control vehicle functions to start the car remotely, for example.
As we have seen, cybersecurity in the vehicle is something to pay special attention to, as anyone can be a victim of these attacks. If we consider that more and more vehicles are connected, this should be a priority task.
The regulation of cyber security vehicles
To combat this new form of piracy, the UN has developed the UNECE/R155 regulation, which establishes minimum bases to be met so that all vehicles are safer and hinder the bad intentions of crackers. Although ISO/SAE 21434 (which specifies engineering requirements for cybersecurity risk management) is not yet mandatory, can serve as a guide for manufacturers to audit and build their vehicle systems to make them cybersafe.
This UNECE regulation, in force since January 2021, will oblige vehicles approved from July 2022 and those sold from July 2024 to have a cyber-insurance vehicle certificate.
Brands are already working on preventing these attacks, because without this certificate, manufacturers will not be able to sell or approve EU vehicles, components or software after June 2022.
In addition, this new approval regulation against cyber attacks will also make it impossible or very difficult for people who are not legally authorised to operate vehicles to handle them. We refer, for example, to sweatshops. The vehicle will not allow access to certain tasks (updates, diagnosis…) if the mechanic has not previously identified himself by password to access its software.
DGT recommendations for cybersecurity in the car
Be prepared
You should be aware of the risk posed by this cyber threat and that no car is immune. Any digitized vehicle can be the target of these attacks. So you need to stay alert and understand so you know how you can reduce the risks.
Updated software
New versions of the software serve to plug vulnerabilities and security gaps. By keeping your car up-to-date with software updates (which can be done at both the dealership and a multi-brand workshop) you’ll be closing doors to potential cyber attacks.
Review the USB
Before connecting a USB device to the car, you need to pass the antivirus to detect any viruses or malicious software and thus prevent it from being installed in your vehicle.
Shut down the connections
Whether Wi-Fi or Bluetooth, any kind of connection is a gateway for cybercriminals and their harmful software. Therefore, it is recommended that you deactivate them when you are not using them.
Controls downloads
It is very common to connect the mobile phone with the vehicle, either through an app to control some functions of the car or via bluetooth. You have to watch which applications you download and install, as they can come with some unwanted surprise and sneak into the software of your car.
Beware of the keys
They can copy the signal from the keys when we press the open or close door button. Use the manual method when you’re on sites you don’t consider safe. You can also buy a specialized bag that prevents you from being duplicated the signal issued by the keys.
Attention to the OBD2 port
This communications port is too tempting a gateway for crackers, because through it you can diagnose and program various electronic devices. It is important that you know where it is and keep in mind what is connected to this port.