Car hacking is a real but nuanced problem today. Most car thefts do not occur through high-tech hacks, but via relay attacks on keyless systems or OBD abuse. However, the risk will increase as vehicles become more connected and software-driven. Peter Braem, CEO of Cyber Security Management., explains.
Text Anja Van Der Borght
To what extent is car hacking a growing problem today, and how can consumers protect themselves?
PB: “Car hacking is a real but nuanced problem today. Most car thefts do not occur through high-tech hacks, but via relay attacks on keyless systems or OBD abuse (physical access via the diagnostic port under the dashboard, which mechanics use to read the car). However, the risk will increase as vehicles become more connected and software-driven. Consumers can protect themselves by storing their keyless key in a Faraday pouch, securing their smartphone, enabling two-factor authentication, and installing updates from the manufacturer. A classic steering wheel lock remains an effective physical barrier as well.”
How will the risk increase as vehicles become more connected and software-driven?
PB: “In addition to wireless attacks and 0-day vulnerabilities (a security flaw that no one, except the hacker, knows about), more vulnerabilities are emerging: vulnerabilities in infotainment and telematics systems, poorly secured V2X communication (Vehicle-to-Everything: when cars communicate with each other, traffic lights, or infrastructure), and leaks in manufacturers’ cloud platforms. Cars contain dozens of small computers that control various parts of the car and often communicate without strong authentication, combined with numerous wireless interfaces and slow update cycles. This significantly increases the attack surface.”
Bluetooth is often seen as a weak link in modern devices?
PB: “Bluetooth is not fundamentally unsafe; the biggest weaknesses stem from outdated chips and poorly maintained implementations that are rarely updated. Revising the technology is possible, but difficult because millions of vehicles with old hardware are on the road.”
With car keys now also existing as cards, key fobs, or smartphone apps, can a hacked smartphone lead to an attacker gaining remote access to a vehicle?
PB: “A hacked smartphone can grant access to a vehicle in certain cases, for example, when it contains a digital car key or when the manufacturer’s app is compromised. An attacker could unlock or even start the car.”
