Modern cars are filled with all kinds of tech to make them safer to drive, more entertaining to handle, and, supposedly, more secure. In spite of this, the rate of car thefts across the U.S. has been steadily rising in recent years, bolstered by budding hackers uncovering weaknesses in cars from the likes of Kia and Hyundai.
Now, a report from Bloomberg has spoken to the teams of cyber security experts around the world that are working to uncover the weaknesses in new cars. To find these weaknesses before the criminals do, teams of experts work tirelessly to test out new ways of breaking into your vehicle, which includes working on automotive spares they pick up on sites like eBay.
Once the parts are in their labs, they can uncover ways to break into the systems. When they find these flaws that leave cars vulnerable to attacks, they often work directly with automakers to create patches that can prevent thieves from gaining access. As Bloomberg reports:
Tiffany Rad, an independent consultant in the field since 2006, says she’s working with US officials on developing cybersecurity and privacy standards for the transportation industry, focusing on potential requirements for the design stages of automobile manufacturing. “When I started hacking cars, the auto manufacturers didn’t have many cybersecurity concerns,” she says. “Things are very different now.”
Flaws uncovered by this research include a process of rewiring the headlights on a Toyota Rav4 to access the car’s controls. Experts also found a way to wirelessly access a car’s control system using a modified bluetooth speaker. With this device, a press of the play button would unlock the doors and, once inside, the attackers could start the car and drive off.
According to Bloomberg, most weaknesses such as these arise because people hold onto their cars for much longer than you would a smartphone or computer. As such, the computer systems inside are, relatively speaking, much older and less secure than they would be in a brand new vehicle.
As a result of their age, the digital security systems built into such cars can become outdated and vulnerable to attacks, Bloomberg reports. As such, “technically savvy criminals” are working to design devices that are easy to use on “cars with security weaknesses.
Thankfully, work is being done to prevent these kinds of flaws making it out into the world. Some of the hackers uncovering these flaws are now being snapped up to work at automakers around the world. Bloomberg highlighted the work of two hackers that were able to remotely control a Jeep that was driving on a highway in St. Louis in 2015. Once their work was published, they quickly found jobs in the industry.
What’s more, a new law in the European Union requires every new car to undergo a cybersecurity review and automakers must now have a plan in place for fixing any flaws that are uncovered before the vehicles can go on sale.