Last winter, a cybersecurity expert who goes by the name J. Max was looking for a Christmas gift for his girlfriend when he remembered that she had recently commented that she hates how her fingers get painfully cold when driving her car.
So, J. Max had the idea to buy her a remote starter that would connect to her car’s dashboard and, with an accompanying device and app, allow her to start the car’s engine with just a tap on her phone.
That way, on her next trip, she could start heating up the car so it was nice and warm by the time she touched the steering wheel.
Within 24 hours of installing the remote starter, Max discovered what he had feared: Vulnerabilities that could let any hacker fully hijack the remote unlock and ignition device, providing a handy tool for stealing vehicles.
In fact, according to J. Max, there are a series of vulnerabilities in MyCar, a system made by Canadian company Automobility, whose software is rebranded and distributed under various names including MyCar Kia, Visions MyCar, Carlink, and Linkr-LT1.
Based on a scan of MyCar’s exposed database, there were roughly 60,000 cars left open to theft by security bugs, with enough exposed data for a hacker to even choose the make and model of the car they wanted to steal.
To make matters worse, many carmakers are focused on improving convenience, so cybersecurity is taking a back seat. Not to mention, many newer cars often operate on one main computer system.
This means the computer that controls the engine components could be the same computer that operates the satellite radio.
In other words, once a hacker finds a flaw in one area, such as the satellite radio, they could take that flaw and use it to access the entire computer system on the vehicle.
The scary thing is, imagine if hackers carried out a mass cyber-attack against cars during rush hour in Los Angeles.
Let’s say they gained access to a few thousand or even hundred cars like J. Max did, and they simply turned the cars off while the drivers were sitting in L.A. traffic.
This would have a crippling effect and they wouldn’t even have to target that many cars.
With that being said, I want to discuss a few ways you can hopefully prevent your vehicle from being hacked.
Be cautious of insurance discounts. Many insurance companies offer discount programs to customers that reward them for good driving.
In order to qualify, drivers have to plug a monitoring device (called a dongle) into their ODB-II ports so the insurance company can collect data from the customer’s driving habits.
The problem is, these devices are usually from third-party suppliers who aren’t making security a priority. There have been reports that some devices, such as Progressive’s Snapshot dongle, have no security technology whatsoever.
Update your car’s software/recalls. According to the NHTSA, only 62% of cars that are recalled actually receive the recall repair.
With smart-connected cars, it’s more critical than ever to get recalls fixed, along with any software upgrades from the manufacturer. (Yes, just like your computer, you need to update your car software.)
Consider an older bug out vehicle. Perhaps, the best option of all, is to simply avoid the smart connected cars that are opening our world to more cyber security threats than we ever imagined.
I’m not saying you should never buy a new car, but you may want to have a secondary vehicle that you could use to bug out. I would look into pre-1980s American-made Trucks and SUVs.
These types of vehicles will not only be safe from hackers, but are more likely to function after an EMP.