Security Vulnerabilities in Cars: Five Best Practices
Cars have become infinitely more complex in the past ten years. With the introduction of features like proprietary operating systems for apps, advanced traction controls, in-car WiFi systems, automatic cruise controls, and more, cars have now become another threat vector.
We'll show you potential vulnerabilities and what best practices you can follow to better protect yourself (and your car) from a breach.
1) Be Careful About Syncing Data
On a business trip and want to listen to some music in your rental car? You could sync your mobile device to the car's stereo via Bluetooth, but there are repercussions to consider. While this approach is convenient, if your device holds information like contacts, the car's system could automatically sync those contacts to its internal operating system, where they could be accessed by future renters. If you want to listen to music in a rental, it'd be safer to use an auxiliary cable to connect.
There are other ways data can sync to your car. If your personal or rental car has WiFi, make sure to lock it down with a password like you would at home. Also, before you sell or trade in your personal car, make sure that information synced to its infotainment system, such as contacts or previous navigation locations, is deleted.
2) Watch Out for Malicious Applications
In our security training, we talk about being wary of mobile device apps that could be malicious in nature. The same can be said when downloading apps for your car's proprietary operating systems, or connecting your phone's apps to a vehicle's infotainment system.
Though automotive manufacturers generally have their "app stores" more locked down, car manufacturers have been moving towards making their proprietary operating systems open source, where hackers could see benefit in exploiting these systems. Additionally, unsafe applications on your phone could infect your car's infotainment system when the phone is connected. There have also been reports of malicious MP3s downloaded from "free download" applications attempting to install malware into cars.
3) Think Before You Plug In
Many cars have features that enable you to load maps from DVDs for navigation, charge and sync items via USB ports, or play music from SD cards. Take extra precaution when you're passing data from an external storage device to the car. Navigation DVDs should only come directly from the factory, and SD cards and any USB storage drives that you plug into your car should be known entities.
4) Be Sure System Updates Come Directly From the Manufacturer
If you can update your car's operating system, it's smartest to either download updates directly from the manufacturer's website or have a local franchise dealership for your car's brand install them. Avoid using updates from third-party websites or non-franchise dealerships.
5) Choose a Safer Car
Though your best option to avoid hackers may be using a stick-shift hatchback from the 1980s, it's smart to at least be aware of some of the better (and worse) options when choosing a newer car. While not every car is evaluated, BlackHat published a 92-page report about car hacking, with a list of cars evaluated available on page 89. This report is a great source of information if you'd like to read more about the technical details behind car hacking.