CARS.COM — Ready or not, the age of connected cars has come. With the myriad of safety, convenience and efficiency functions of today's cloud-connected cars comes increased vulnerability to hackers. These computer criminals can infiltrate vehicles through onboard computers or third-party aftermarket devices and steal drivers' stored personal data — or worse, seize control of the car while it's moving.
Related: Nissan Shutters Leaf App After Remote Hacking
Hackers can gain control of modern cars through electronic control units, or ECUs, for functions such as steering, braking, acceleration, lights and wipers, as well as keyless entry, ignition control, tire pressure monitoring and navigation, the FBI explained in a new public service announcement. Entry points for a cyberattack — including a vehicle's wireless communication functions, a personal mobile device or third-party diagnostics device — leave cars vulnerable to engine shutdown, disabling of brakes, loss of steering control and takeover of door locks, turn signals and GPS functions.
"While not all hacking incidents may result in a risk to safety — such as an attacker taking control of a vehicle — it is important that consumers take appropriate steps to minimize risk," the FBI said in its announcement.
To help car owners safeguard against a cyberattack on their vehicle, the FBI issued the following checklist:
1. Ensure your car's software is up-to-date. Just like you regularly update your computer's operating system to ensure you have the most recent security patches, today's connected cars may require software updates, too. When an automaker issues an update, apply it to your car — but only after you've verified that the update is legitimate by checking the automaker's website or with your dealer. A bogus notice actually could be malware parading as a security update.
2. Be aware of potential dangers when connecting third-party devices to your vehicle. Increased availability of aftermarket devices that plug into your car's OBD-II diagnostic port — such as insurance monitoring devices and telematics tools — could provide an attacker with an entry point for remote hacking.
3. Know who has physical access to your car. "In much the same way as you would not leave your personal computer or smartphone unlocked, in an unsecure location, or with someone you don't trust, it is important that you maintain awareness of those who may have access to your vehicle," the FBI advised.
4. If you suspect you've been the victim of hacking, check for software updates on the automaker's website and for recalls on your vehicle. Manufacturers send recall notifications directly to owners when a safety action is issued, but you also can find the latest recalls for your vehicle by going to the National Highway Traffic Safety Administration's safercar.gov and following the instructions for checking your car's VIN, which the FBI says you should do twice a year. (Cars.com also reports recalls as they're issued.)
5. Report suspected cybersecurity problems. You can do so to your vehicle's manufacturer, NHTSA, your area's FBI field office or the IC3 Internet Crime Complaint Center.
The cybersecurity threat to cars was thrust into the national discourse in July 2015 when a pair of hackers exploited a weakness in the Uconnect multimedia system in Jeep vehicles, demonstrating they could take control of everything from air conditioning to brakes. The incident resulted in the recall of 1.4 million Fiat Chrysler Automobiles vehicles with the system and 8.4-inch touch-screens, including sedans, sports cars, SUVs and pickup trucks from the Chrysler, Dodge, Jeep and Ram brands. FCA made the necessary fix by sending a USB device with a software update to all affected vehicle owners. Other automakers since have encountered similar issues.
No comments:
Post a Comment