Feds Warn Of Potential Cyberattacks On Cars
The federal government is warning drivers about potential cyberattacks on their vehicles as cars are becoming increasingly more "connected."
The FBI and National Highway Traffic Safety Administration said researchers have identified vulnerabilities in cars made as recently as the 2014 model year that highlight a troubling trend in auto cybersecurity, citing a report that was conducted in 2015 by the Seattle-based IOActive security firm.
"In this study, which was conducted over a period of several months, researchers developed exploits targeting the active cellular wireless and optionally user-enabled Wi-Fi hotspot communication functions," the agencies wrote, noting that "the vehicle studied was unaltered and purchased directly from a dealer."
They added: "Attacks on the vehicle that were conducted over Wi-Fi were limited to a distance of less than about 100 feet from the vehicle," the report continued. "However, an attacker making a cellular connection to the vehicle’s cellular carrier — from anywhere on the carrier’s nationwide network — could communicate with and perform exploits on the vehicle via an Internet Protocol (IP) address."
The agencies warned that the rapidly increasing use of technology in cars makes them more vulnerable than ever to being hacked. Modern cars "often include new connected vehicle technologies that aim to provide benefits such as added safety features," they wrote, but they also present vulnerabilities that could be exploited by hackers who have a malicious intent. "While not all hacking incidents may result in a risk to safety — such as an attacker taking control of a vehicle — it is important that consumers take appropriate steps to minimize risk," the agencies said.
The warning about potential auto cyberattacks as automakers and technology companies are pushing to develop driverless cars — and asking Congress to create a friendly regulatory environment for them.
Automakers have largely focused on potential safety improvements from technological advances in car manufacturing, such as vehicle-to-vehicle and vehicle-to-infrastructure communications and eventually self-driving autos, although they have acknowledged the need to vigilant about cybersecurity.
The FBI and NTHSA said vulnerabilities to connected cars could exist "within a vehicle’s wireless communication functions, within a mobile device — such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi — or within a third-party device connected through a vehicle diagnostic port."
The agencies said drivers will also have to be vigilant when it comes to protecting their connected cars from cyberattacks, drawing parallels to measures that are taken to shield computers and other electronic devices from hackers
"If a manufacturer issues a notification that a software update is available, it is important that the consumer take appropriate steps to verify the authenticity of the notification and take action to ensure that the vehicle system is up to date," the agencies said.
But even then, the FBI and NHTSA warned "a criminal could send socially engineered email messages to vehicle owners who are looking to obtain legitimate software updates."