How Keyless Entry Lets Cybercriminals Hack Your Connected Car

By on Mar 15, 2016

There’s a certain sort of absurd-ism to Christine, the novel-slash-movie released by Stephen King and John Carpenter in 1983. In both renditions, a car hunts down and kills any person threatening its existence. It’s an autonomous 1958 Plymouth Fury with a taste for blood — and nothing will stop it. But, thankfully, Christine is a fantasy. For our reality-bound mechanical nightmares, we’re stuck with something far more common: keyless entry hacks.

Now more than ever, cybercriminals are using the technology embedded in today’s connected cars to enable illicit activities. For example, cybercriminals can overwhelm proximity keyless entry systems to steal goods. Using the same sort of method, cybercriminals can also easily steal cars with keyless ignition systems. These systems, often working with a car remote or fob, are increasingly becoming commonplace, as these features trickle down to differing demographics and enter used car markets.

In fact, according to Kelly Blue Book, 62 percent of respondents worry that future cars will be easily hacked. Unfortunately, it appears as though that day may be closer than we realize.

Take, for example, CNBC’s story on Yash. Yash is a San Francisco tech worker who bought a car with a keyless entry system. A savvy thief used this system to gain access to Yash’s car, and his belongings, without causing any noticeable damage to the vehicle.

So, how did the hack work? Well, it could have gone one of two ways.

The first scenario would be that Yash’s car was the victim of an amplification attack, in which a crook amplifies the signal of a keyless remote using a power amplifier purchased on the cheap. The second scenario would involve the criminal planting a device nearby to intercept the door entry code. These are pretty much the same methods behind all the hacks on baby monitors and webcams we’ve been hearing so much about.

Internet-connected cars can offer us another example. In the summer of 2015, WIRED journalist Andy Greenberg drove an Internet-connected Jeep outside of St. Louis, Missouri on a busy highway. Greenberg was writing a story on wireless carjacking in association with two professional security researchers. During his drive, the researchers managed to remotely fiddle with Greenberg’s air conditioning, radio, wiper blades, windshield wiper fluid and, eventually, cut off the vehicle’s transmission while on a busy highway.

Fortunately, no one was hurt during that story’s making. But it did serve to highlight a very important point about our methodology when it comes to the Internet and cars: we’re building cars to go from Point A to Point B with comfort and luxury in mind — even if that means they are insecure against cybercriminals. That’s something we need to fix.

So, what can you do to protect your vehicle and valuables from the foils of tech-savvy car thieves? Here are a few tips to keep in mind:

  • Do your homework. When preparing to purchase a new, smart vehicle, do some research on the auto manufacturer. The reputation of the company, and its car models’ potential history of exploits, will help guide you in making a decision with security in mind.
  • Update your car’s software. Every device has software — even your car. Keep your driving experience a smooth one, and update your car whenever new software becomes available. Keep in mind that some manufacturers will issue updates wirelessly, while others may require you to head into a dealer to install.
  • Stay informed. Cyberattacks on cars are an uncommon occurrence. When they do happen, they make headlines. If you hear of a vulnerability in the news, check with your car manufacturer about any security updates or recalls.

 

gary

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs