The Dark Side of Automotive Advancements: Unveiling the Tech That Empowers Criminals to Steal or Sabotage Cars

The New Technology That Is Making Cars Easier for Criminals to Steal or Crash

Introduction

The automotive industry is abuzz with talks about the “internet of vehicles” (IoV), a network of cars and other vehicles that exchange data over the internet to enhance transportation efficiency and safety. The IoV has the potential to enable autonomous driving, improve diagnostics, and assist in identifying roadblocks and pedestrians. However, as cars become increasingly connected, they also become susceptible to theft and malicious attacks due to vulnerabilities in this emerging technology. Criminals are already taking advantage of these vulnerabilities, raising concerns about the security measures in place.

The Security Risks

One method currently exploited by criminals is the manipulation of smart keys. These keys are designed to protect vehicles against theft by disabling the car’s immobilizer when a button is pressed. However, criminals have found a way to bypass this system using handheld relay tools. By tricking the vehicle into thinking the smart key is nearby, they can gain access and drive away. To mitigate this threat, car keys can be stored in Faraday bags or cages that block signals emitted from the keys.

However, a more advanced attack known as a “CAN injection attack” is growing in popularity. This attack involves establishing a direct connection to the vehicle’s internal communication system, the Controller Area Network (CAN) bus. Criminals gain access through the front lights of the car, inserting a CAN injector into the engine system. By sending fake messages to the vehicle, they can disable the immobilizer and start the engine, making the car vulnerable to theft.

Addressing the Vulnerabilities

Manufacturers are actively seeking solutions to the vulnerabilities in vehicle security. One approach, known as the “zero trust approach,” involves not trusting any messages received by the car and verifying them instead. This can be achieved by installing a hardware security module in the vehicle, which generates cryptographic keys for data encryption and verification. While this approach is being implemented in new cars, retrofitting existing vehicles with this technology is not practical due to time and cost constraints, leaving them vulnerable to CAN injection attacks.

Another security consideration is the infotainment system. Attackers can use remote code execution to deliver malicious code to the vehicle’s computer system, enabling them to exert control over physical components of the car, such as the engine and wheels. In addition to protecting personal data, securing the infotainment system is crucial to prevent potential crashes caused by these attacks. Vulnerabilities can arise from the vehicle’s internet browser, USB dongles, outdated software, and weak passwords.

The Balancing Act

As the IoV becomes more prevalent, striking a balance between the benefits it offers, such as safer driving and improved vehicle recovery, and the potential risks is crucial. While the IoV has the potential to revolutionize transportation, it must also be accompanied by robust security measures to protect against cyber threats. Car owners with vehicles equipped with infotainment systems should pay attention to basic security mechanisms to safeguard against hacking attempts.

Conclusion

The emergence of the Internet of Vehicles brings numerous opportunities for enhanced transportation. However, it also presents new security risks that must be addressed. Manufacturers are actively working on implementing security measures like the zero trust approach to protect against vulnerabilities. Meanwhile, vehicle owners should educate themselves about basic security mechanisms to safeguard their vehicles. The collaboration between industry, policymakers, and consumers is vital in ensuring the safe and secure integration of technology into our vehicles.