DEFCON 2015: The Realities of Car Hacking
Tech Talker continues his debrief of DEFCON 2015 with a close look at how cars get hacked.
Listen
DEFCON 2015: The Realities of Car Hacking
Last week, I talked about the hacker conference called DEFCON, which I recently attended. As my series on hacking continues, I’m going to cover some of research resulting from the conference and how it affects your everyday life. 
One new topic this year at DEFCON was car hacking. The conference brought in a handful of different cars into the hotel itself all for the purpose of hackers testing the security and capabilities of each vehicle.
When most people think of hacking, the last thing that they think of is a car. This is because, for a long time, cars were pretty much immune to computers. They simply rolled down the road with steel, gasoline and oil. However, as technology got smarter and smaller, cars began to evolve, too.
The first real step cars took into the technical realm came in the form of a standard ODB connector or on-board diagnostics. You’re probably somewhat familiar with this connector if you’ve ever had a check engine light on, the mechanic will use it to read the sensors on the car and see what error is causing the light to come on, or what needs to be repaired. This port is pretty universal and has been standard on almost every car since 1996.
Our show sponsor Automatic from last week essentially makes a wireless version of this that plugs into your car and allows you to see all of the diagnostics from your phone.
Since this connector was created, though, cars have been getting smarter and smarter. Now many cars include entertainment systems, can automatically download updates from cell networks, and can even stream Spotify or Pandora. Some even have WiFi!
This is a lot of surface area that is exposed to attackers trying to get into a car. When I say surface area, I mean that there are a lot of systems, apps, and openings that are exposed within the vehicle. The worst part is that there only needs to be one weakness for a hacker to get in. Typically, this is done through the ODB port or the entertainment system on the car, or even a USB port. From there, hackers will pivot into the main control system of the car.
Once inside the car, they are able to toggle controls, and read system information. One of the scarier attacks involves some models of Jeeps, or really any car that has a ‘Uconnect’ entertainment system in it. This allowed researchers to remotely access the vehicle and control a number of systems in the car, including breaks, steering wheel, radio, and a handful of other things. In the past, these types of attacks required that a hacker have direct physical access to your car. Now they can hack your vehicle from their homes or a Starbucks!
The Jeep attack is especially scary because it uses Sprint’s cell network for Internet connection. This means that your car is literally a computer with an Internet connection on wheels. Attackers can access the GPS and know exactly where you are and where you are headed. They can even change the navigation system so that if you’re using the onboard GPS directions they could lead you somewhere completely different.
Next there are the apps—specifically an app for the popular service OnStar. A car with OnStar also has an app that you can download, which allows for some pretty cool features, like remote unlock, remote starting of your car, remote stopping of your car, and even tracking your car with the GPS. But a security researcher found that he could intercept communications between the app and the OnStar servers, which allowed him to then essentially clone the app.
With the cloned app, he then had all of the features that a normal OnStar user would have! Can you imagine if a hacker were able to locate you in your car wherever you were? They could then lock it, unlock it, start, and stop the car. This scenario could become a reality for some as cars get smarter and are integrated more heavily with networked computer systems.
If that weren’t bad enough, there’s even a hack out there that involves garage doors and wireless keys for your car. It’s called the rolljam attack and it’s pretty easy. It is a small radio device that waits for the radio signal to unlock your car, and then copies it. A hacker can reuse that code once and unlock your car or open your garage door.
So at the end of the day, how do you protect yourself from this? How do you protect yourself from having your car hacked? There really is not a good answer. The best that you can do is to keep your car’s firmware updated.
How do you protect yourself from having your car hacked? … The best that you can do is to keep your car’s firmware updated.
This is the software for the entertainment system, Bluetooth, and any other systems in your car. Most people don’t even know that this is a thing, but if you check your auto manufacturer’s website, or the manufacturer of the system in question. If you keep listening to this podcast and following my Facebook feed, I’ll be keeping a close eye on vulnerabilities as I hear about them.
Well, that’s it for today! Be sure to check out all my earlier episodes at techtalker.quickanddirtytips.com. And if you have further questions about this podcast or want to make a suggestion for a future episode, post them on Facebook QDTtechtalker.
Until next time, I’m the Tech Talker, keeping technology simple!
Image courtesy of Shutterstock.
