Beware of cyber car hacks, feds warn

Federal agencies want you to be aware that as cars become smarter, so do cyber hackers.

Don’t let your car get remotely hacked, the Federal Bureau of Investigation, the National Highway Traffic Safety Administration, and the Department of Transportation warned US drivers in a public service announcement this past week.

As vehicles get more automated and less manually controlled by drivers, they will be more subject to cyber security risks. 

“Vehicle hacking occurs when someone with a computer seeks to gain unauthorized access to vehicle systems for the purposes of retrieving driver data or manipulating vehicle functionality,” explains a joint public service announcement (PSA) from the trio of federal government agencies. “While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk.” 

They go on to suggest several steps consumers should take to minimize vehicle cybersecurity risks. These include ensuring that vehicle software is up to date, being aware of who has vehicle access, and exercising discretion when connecting third-party devices to the vehicle. To put it simply, pay attention to who is in your car and what is plugged into your car, suggests the FBI. 

“Some car manufacturers are already working on addressing the issue,” reports The Christian Science Monitor’s Olivia Lowenberg. “Ford and Toyota have both built stronger firewalls for their vehicles, and Tesla encourages hackers to share their findings with the company through a ‘responsible disclosure’ policy.” 

Manufacturers and government agencies alike have had to work quickly to address the dangers of cyber car hacking. 

Cyber car hackers had their first high-profile success in 2013, after proving that it was possible to hack a Toyota Prius. But in order to do so, the hackers had to be in the car – remote cyber hacking was not yet a tangible threat. 

But within the last three years, these vulnerabilities have multiplied, reports Monitor auto blogger Richard Read. 

“As our cars become increasingly autonomous, they’re likely to begin talking to one another, and in doing so, they’ll create networks,” writes Read. “Networks are the playground of hackers because with the right code, ne’er-do-wells can affect dozens, hundreds, or thousands of vehicles at once, maximizing their returns.” 

Just last year, security researchers Charlie Miller and Chris Valasek remotely hacked a 2014 Jeep Cherokee killing the car’s transmission and proving the immediate potential of hacking threats. Chrysler soon after issued a 1.4 million-vehicle recall and mailed software updates to drivers. 

But Mr. Valasek tells Wired that he is confused about the FBI’s timing – why now? After all, their experiment was conducted eight months ago. 

“It seems super delayed,” said Valasek, one of the two Jeep-hacking researchers. “But it’s good advice… people take the FBI seriously.”And since his hacking experiment last year, Valasek says he has been flooded with emails from people who believe they are car hacking victims. “Charlie and I get emails all the time from people who say ‘my car’s been hacked!’” says Valasek. “The FBI is more than welcome to take that over.”