Auto Software Hacking: How It’s Done and What’s at Stake

You’re probably familiar with software for your smartphone or computer. But, what about software for a much bigger object that you likely use regularly? Many people forget about automobile software that helps their cars function. If you have an app that lets you unlock the car doors or start the motor while you’re still inside the house, that vehicle has auto software installed.

Similarly, when people opt to get partially autonomous features for their automobiles, such as parking assistance, collision avoidance technology or path correction capabilities, they’re purchasing extras that need software to work. Moreover, if the panel on your car’s dashboard allows making hands-free calls via Bluetooth or navigating to an unfamiliar destination by receiving real-time guidance, software enables those conveniences.

The Hacking Risk Is Real

There are no documented cases of hackers maliciously taking control of a car and using it to cause harm. However, automobile experts, including the leading car manufacturers, are aware of the possibility and are making improved cybersecurity a priority. They know hackers from the other side of the world could wreak havoc on vulnerable auto systems.

If that happens, lives may be lost, and the automakers involved could face lawsuits and longstanding reputational damage due to consumer mistrust. There is already a trust problem associated with vehicles offering complete or partial self-driving capabilities. A recent Reuters/Ipsos poll found that about half the respondents believed self-driving cars are more dangerous than traditional ones.

You can imagine the sharp rise in people expressing that opinion if the headlines start talking about hacked cars — self-driving or otherwise. Some might decide that the safest thing to do is drive cars that don’t have any features that use software and connectivity to work. But, that outcome would be a harmful one, too, especially because many of the software-dependent features do keep people safer under normal circumstances.

A Hacker Could Steal Your Car

Car hacking is, unfortunately, not a new phenomenon. News broke in 2016 of a problem that would allow unauthorized parties to start and unlock cars remotely. The issue affected 19 makes and 24 models, and people could exploit the vulnerability by altering the cars’ radio frequency with an amplifier. Then, it was possible to make a car’s keyless entry behave as if the rightful owner was nearby with the connected fob.

Estimates indicate that in 2016 alone, thieves took more than 750,000 vehicles in the United States. You can do several things to make your car less appealing to people who might steal it, including hiding your valuables, locking your doors and using a vehicle alarm. Those are valuable preventative strategies, indeed, but the tips commonly given to prevent stolen cars may evolve as car software hacking becomes more problematic.

It’s worth pointing out that researchers at a German car club confirmed the amplifier adjustment issue. When such people come across security shortcomings, they generally feel obligated to report them to the manufacturers. Then, the brands can act by patching the flaw and working even harder to strengthen security.

A similar, more recent issue of remote car tampering came about due to three separate software problems associated with the MyCar platform, which allows users to start their cars, unlock them, set the alarm and more. The ethical hacker who found the issues estimated that they affected approximately 60,000 cars and said it would even be possible for a cybercriminal to retrieve enough data to choose the kind of vehicle to target.

Cybersecurity Weaknesses Can Affect Company Operations

Even if researchers are the sole discoverers of car software hacking opportunities, news of problems can adversely affect the companies with the respective automobiles. In 2015, 1.4 million cars manufactured by Fiat Chrysler Automobiles got recalled after cybersecurity experts demonstrated they could remotely control crucial parts of a Jeep — including its engine and brakes — by infiltrating the car’s entertainment system.

After the company announced the recall, one of the hackers that found the vulnerability took to Twitter and wondered if it was cheaper to make cars secure or conduct recalls. Pulling a vehicle from the market due to safety reasons comes with both financial costs and logistical ones.

First, the automakers must determine the most efficient and effective ways to inform dealers and car owners of the matter. Next, the manufacturers typically provide free repairs to address the issue that caused the recall. When auto brands have no choice but to make things right after a recall, the related actions can cut into profits and cause workloads to shift.

No Straightforward Solution to Car Software Hacking

Automobile software hacks are scary and not far-fetched. There’s no single or easy way to tackle such problems but figuring out how to make definitive progress is crucial to keep people safe.

Scott Huntington is an automotive writer from central Pennsylvania. Check out his work at Off The Throttle or follow him on Twitter @SMHuntington.

Editor’s Note: The opinions expressed in this article are those of the author.

Not an NMA Member yet?

Join today and get these great benefits!

Leave a Comment