New Delhi: In 2016, security researcher Troy Hunt found a vulnerability in Nissan’s NissanConnect EV app, which allowed attackers to hack into the Nissan Leaf car. Nissan had to turn off some functionalities till it could plug the loopholes.
Modern day cars are no less than computers on wheels. They have embedded SIMs for full-time connectivity and the more advanced ones even use technologies such as computer vision and augmented reality (AR). However, all that connectivity, which is designed to improve the user experience and make driving safer, also opens the risk of being manipulated by hackers.
Last month, for instance, researchers from Georgia Institute of Technology used simulations to estimate that by stopping 20% of connected cars during rush hour, hackers can freeze traffic in a city as big as Manhattan. In their study, they pointed out that a major problem with connected cars is that there is a single central system that controls everything. Hence, if a hacker can crack one component, s/he can get into the other too.
“These cars now provide plethora of features such as remote control over car ignition, climate control, sunroof, tailgate and door lock through a single mobile application. An attacker can break into a connected car and take over various functions associated with the console,” cautions Sambit Sinha, partner-advisory services, EY.
A lot can go wrong in connected cars. Hackers can break into them by targeting apps, operating system, firmware, telecom connectivity and back-end infrastructure. Sinha points out that hackers can intrude within the connected car appliance either remotely or in proximity. However, a higher rate of success in exploitation is within the proximity of these appliances. Once a malicious code has been injected into a car’s system, it can give hackers remote access and the freedom to spy on them or to take control over the car.
Many connected cars are keyless, which can be exploited by hackers to lock users in or out of their cars until they pay a ransom. “Hackers can use jammers to disrupt electromagnetic waves and block communication to perpetrate attacks such as key fob hacking. They can also break into the car’s controller area network (CAN) which is used by vehicles to communicate with their electronic control unit (ECU) that controls subsystems such as antilock brakes, audio systems and even the engine,” cautions Venkat Krishnapur, vice president of engineering and managing director, McAfee India.
What makes keeping track of potential threats difficult is the automotive industry’s complex and disparate supply chain. The frequent integration of third-party components, software, communications protocols, and applications often introduce threat vectors that automakers need to address, suggests Krishnapur. However, with automated tools, car companies can locate defects and security vulnerabilities in source code and identify malicious third-party components.