Does Putting Tech in Cars Make It Easier for Hackers to Start Your Car?

There’s a trend that has taken shape through the 2010s. Everything is now connected. Your washing machine? It has an app! Your doorbell? There are several options available that let you see who’s in front of your door from your smartphone. This app frenzy gives us the possibility of making our lives immeasurably more convenient, but what role does security play in all of this?

And when we’re talking about something as valuable and crucial as a vehicle, the question is no longer casual. You can start, locate, and even summon your car using your phone, which raises a question very few people ask when blinded by the glare of instant satisfaction and convenience: just how safe is this?!

carapp-keys

Back in 2013 we discussed built-in mobile software installed in vehicles. At that point we could only conceive of dangers to the driver while texting and driving and how this evolution would affect the trend. Since then the possibilities have expanded, raising many more concerns.

We live in a world that allows someone the ability to perform many functions otherwise done with a physical key using a phone. The shift from ignition key to mobile device puts even more of a burden on our phones, making them responsible for yet another crucial function of our daily lives. We must begin to ask ourselves whether this reliance is healthy and whether it is safer than the previous way of doing things.

The reality is that hackers can and do present challenges to the implementation of remote vehicle access technology.

carapp-garage

A recent piece published on Wired shows us that researchers at Kaspersky have discovered some ways that hackers can definitely compromise remote ignition applications installed on smartphones. They’ve concluded that this can be done in one of three ways:

  1. A hacker can simply grab the authentication data from the phone. In most cases the app doesn’t even bother to encrypt it.
  2. A hacker could install a fake version of the app that would grab the user’s login credentials when they try entering.
  3. A hacker could infect the phone with malware that hooks onto the real app and stores whatever input the user types in.

The first method is the easiest (and the one I am most concerned about) since it doesn’t require a hacker to manipulate his victim into downloading anything. Installing malware on a phone with its default settings is much more cumbersome. One of the first rules of hacking is to find the path of least resistance!

I’m going to go out on a limb here and say that using a key in your car isn’t the most inconvenient thing in the world. Your best method of prevention is just to use your car the same way people have been using theirs since before we ever had computers in our homes. Other than that, your best bet is to exercise as much prudence as possible with what you download and ensure that your phone’s screen cannot be unlocked with a simple slide of the finger.

Nothing will keep you one-hundred percent safe from a hacker siphoning your data. For example, aside from the three methods stated above, a hacker can also compromise your data by sniffing your WiFi traffic. Unlocking your car through your phone might just prove more of a hurdle than it’s worth.

It’s time to tell us what you think. Are we going too far by connecting literally everything we own to our smartphones? Let us know your opinion in a comment!

4 comments

  1. Well this article was not even close to the mark. It left out the entire other half of the equation. Why hack the phone when you could hack the car. As long as there is a long supply chain and the need for dealers to be able to manipulate the cars infrastructure to facilitate repairs and upgrades there will always be a need for a “master key” or someway to access the cars tech without the owners credentials.

    • It may sound a little ironic, but it is easier for vehicle manufacturers to adopt security measures than it is for smartphone manufacturers to do so.

      You get a higher victim count if you hack an OS that millions of people use (the smartphone) than one that thousands of people use (the car) in a big city. It’s the same reason why hackers aren’t so focused on MacOS, but have a penchant for exploiting Windows systems.

  2. There was an article in Wired magazine in which two researchers described how they remotely took over and were able to control most of the computer-controlled systems in a Jeep Cherokee. They did it without any assist or access to the owner’s smartphone. They hacked directly into all the computers that control the automotive systems: brakes, engine, climate control, entertainment, windshield wipers, etc.

    What concerns me is that with all this research showing how easily car computers can be hacked, there is still a mad push for autonomous cars. IMO, stealing info as you describe is small potatoes. A bigger concern should be car-jackings or kidnappings by remotely taking control of the victim’s car.

  3. Yeah…..no. I’m not ever going to subscribe to letting my phone, my dishwasher, my toaster, and my hot water heater be connected to the same network/grid as my car. Period. I have a Buick. It came with car keys. I will use the car keys, I don’t need to “find” my car with my phone. I just remember where I park. I don’t need to unlock my door from the front of the grocery store, I will unlock it when I get to the car. I don’t need a wireless-audio-hi-def-surround-sound-flashing-lights-holodeck touch screen in my vehicle. It may come with one, but i don’t want to connect anything to it, and I damn sure don’t want it to be connected to my phone at any time. The problem with technology? ISN’T the technology, its the perverted, evil people who would use it in ways it wasn’t meant to be used. The best way to avoid getting you car “hacked” or “pwned”? Use the dam car keys it came with stop being lazy…stop relying on a device to do things for you. And if you happen to have one of those cars that just has a pushbutton for an ignition switch? Well I guess good luck with that. I prefer keys, I prefer simplicity, and I prefer safety. Too many clowns are running around touting all the benefits of living in a totally connected world, excluding those of us who prefer to NOT be connected. Don’t get me wrong, I’m not someone who lives in a cave and who thinks aliens are coming to get us, but c’mon people! There HAS to be a point where even the most connected individual has to say “Enough….this is going a bit too far”! Why is this hard to figure out? why are leaving ourselves wide open for theft, injury, or even worse?…death? I mean is THAT what it will take before there’s a ban of some sort on certain technological topics? I mean we’ve already seen people who have been injured or killed by relying a bit too much on technology (The Tesla car incident comes to mind!) I for one will not give a computer (nor a hacker) the chance to use technology against me. They can hack my phone….(reload the OS)….my laptop….(copy files and re-install) and desktops (pull backup from server) but I don’t have a spare spine….or extra kidneys and eyes lying around so I’m not going to drive a car that will grant control to anyone other than ME behind the wheel! I’m not living in a house that has a fridge, microwave, toaster, TV, speaker, light bulbs or anything else connected and “talking” to each other. Nope Not now….not ever. For those who want that kind of life?….go find Orson Well’s book “1984” and then decide if that’s the kind of life you want. I for one don’t and WON’T live that kind of life. Ever.

Comments are closed.

Sponsored Stories