FBI and NHTSA Warn Drivers about the Security Risks of Connected Cars

Cyber security is one of the main concerns when it comes to connected cars. Despite all the progress, connected vehicles are still nowhere near being 100% secure. I think we all remember this experiment and how it made us feel.

Official sources have released a new warning about possible threats. It highlights how attackers might seek to remotely exploit vulnerabilities from now on.

Recently, the Federal Bureau of Investigation (FBI), the Department of Transportation, and the National Highway Traffic Safety Administration (NHTSA) have issued a joint public service announcement (PSA).

It targets both the connected car industry and consumers.

The report wants to raise awareness about cyber security threats for connected vehicle technology. It makes some interesting points, and also offers some useful recommendations.

If you’d like to find out what are the highlights of this report, I invite you to keep on reading.

Increased Connectivity – More Vulnerabilities

One of the most powerful assets of connected cars is, of course, connectivity. But this is also a liability, according to the PSA issued by the organization.

The release states that ”vulnerabilities may exist within a vehicle’s wireless communication functions within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port. “

Hackers could exploit these vulnerabilities to gain access to the car’s controller network or data stored on the vehicle. Even if the attacker will not be able to take over all parts of the system, the safety risks to drivers could significantly increase.

The PSA mentions a white paper published in August 2015. The white paper highlighted radio module vulnerabilities of an unaltered 2014 Jeep Cherokee. The car in question was purchased directly from the dealer.

In this case, the radio module contained multiple wireless communication and entertainment functions. It was also connected to two controller area network (CAN) buses in the vehicle.

Researchers were able to manipulate certain functions in a target vehicle driving at low speeds. Some of them include shutting down the engine, disabling brakes, steering.

Aftermarket Products

The PSA also alerts manufacturers, as well as the general public, about the threats that come from the secondary market.

Modern cars will continue to increase their capabilities. They’ll do this with infotainment, enhanced navigation systems, apps, Wi-Fi and Bluetooth portals.

Thus, the challenge of preventing unwanted intrusions will also increase.

It goes without saying that overcoming these challenges will require a massive effort.

How to Reduce Risks

The PSA also gives some recommendations in regards to what drivers can do to minimize vehicle cyber security risks. If you own a vehicle with connected car technology, here are some steps you should take to reduce the cyber security risks:

  • Make sure your software is updated. However, you need to also verify the authenticity of the updates, especially if you can access them online. Don’t forget criminals might exploit this updating method.
  • Don’t make unauthorized modifications to your vehicle’s software. Doing so will make it more vulnerable to attacks.
  • Be aware of all people who have access to your car. Never leave your vehicle unlocked or provide access to a person you don’t fully trust.
  • Check the security and privacy policies of any third-party device manufacturers and service providers. 

If you would like to read the full release, you can find it here.

Want access to the latest news about connected cars?

Make sure you check out the rest of the articles posted on my website. You will find more information about connected cars and how they can change our lives for the better.

We can all understand the dangers of an attacker gaining control over our vehicles. Reports like the one I mentioned here are meant to keep us on our toes.

I would also like to hear what you think about the things stated in the PSA. That and your thoughts on cyber security threats to vehicles that we need to be aware of today would be greatly appreciated as well.

I would also like to hear what you think about the things stated in PSA and cyber security threats to vehicles in general.

Please share any opinions and thoughts you have on the subject in the comment section below.

Philipp Kandal