It's Time to Pay Attention to Connected Car Cyber-Threats

NEWS ANALYSIS: Many of us are already connected to the IoT via devices installed in our cars that we might not even be aware of. Now the FBI is warning about how vulnerable these devices are to hacking.

Connected Car Threats 2

When I bought a car back in February, one of the things I hadn't realized until I sat down to read the owner's manuals was that I was now in possession of a connected car.

As I went through the section about the entertainment system and the emergency help system, I realized that, among other things, my car had its own Verizon Wireless phone system built right in.

But this phone system wasn't for me to make phone calls, except to the emergency operations center or to the company's concierge service. It was mainly to allow the folks at the car company to communicate with my car. This meant that I could call a toll-free number and get my car unlocked.

But the connection went far beyond that. I could also connect to the Internet and get restaurant reviews and, then, automatically load the navigation information and get directions to the place.

I could get a call if the airbag ever went off so that the car company could send help. But if the car manufacturer could connect to my car, suppose somebody else could also do that and then unlock my car, or roll down the windows or perhaps start the engine.

The risk of cyber-attacks on motor vehicles has reached the point where the Federal Bureau of Investigation (FBI) and the National Highway Transportation Safety Administration (NHTSA) have now issued a warning about the vulnerabilities associated with connected cars.

The two agencies released an announcement on March 17 calling the public's attention to the risks involved and providing some suggestions on how we should protect ourselves.

In one sense, I'm lucky that I was too cheap to splurge on the automatic parking feature that will interface the car's computer with a series of sensors and to the steering, engine controls and brakes. Without that feature, a would-be hacker could roll down my windows, but at least, they couldn't take over my car and drive it. I think.

What I didn't think about is that there's yet another wireless interface that exists on some cars that could expose private information, without the car's owner ever being aware of it.

That wireless interface is based on the On Board Diagnostics II port that's built into every modern vehicle. While that port itself isn't wireless, there are now a wide variety of third-party devices that can be plugged into that port and which may or may not have good security.

In the warning announcement, the agencies recommend exercising discretion when connecting third-party devices to your car. An example of such a device is the Hum car tracking device, which provides connected car services to vehicles that don't otherwise have that capability.

Fortunately, the Hum device doesn't have the ability to unlock or start your car, and a company representative told me that they do have security protections in place.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...