As we hurtle headlong into the smart world a Himalayan mountain of evidence reveals device manufacturers rarely give much thought to security whether it’s smart baby monitors or industrial heating systems.
This is particularly evident in the world of smart vehicles. Cars rolling off production lines today have, as standard, the ability to connect smartphones to the software-based infrastructure of the car.
On the surface this is all über cool; it’s easier to listen to your own music, get directions to your destination, access infotainment and even hook into emergency and maintenance services. Drivers can even locate, lock and unlock their cars simply by tapping an app on their smartphone screen.
But connected vehicles are as only as smart as the things they are connected to and in this age of always-on internet the connections they might not be what a car owner has in mind, such as hackers intercepting in-car communications.
Specifically with smartphone car connections there are a number of vulnerabilities:
- The OBD2 port used to connect third-party devices like smartphones is open to attack
- The software running on infotainment systems, one of main communication interfaces in a connected car is vulnerable
- Bluetooth, Wi-Fi, cellular network connections can be exploited if not properly secured
- Smartphone mobile apps which control things like locating the car, opening and locking the doors and even starting the ignition can be exploited
These exploits have already been widely acknowledged in the security researcher community:
- Vehicles are now storage locations and also data hubs as result of connecting smartphones to cars’ software architecture. One researcher hired a car and discovered that data from ten previous users of the car who had each connected to the in-car system was still stored in the car’s system.
- Two researchers found that Android apps designed to remotely open and close cars lacked the most basic of software defences. Hackers focusing on a user’s phone could trick them into downloading malicious code and in some cases start its ignition. The startling thing is some of these apps had been downloaded over a million times.
- Chinese security researchers demonstrated they can control a Tesla Model X via web and mobile phone connections. Using its web browser, researchers were able to control the car’s electronically controlled brakes, lights and doors. Worrying indeed.
It’s hardly surprising that connected cars are vulnerable to hacking. On average each car has more than 100 million lines of code to improve things like safety, fuel efficiency and convenience, such as hooking up your smart phone.
More tech, more holes
However, the more tech that is put into a car the more points of entry for hackers. And while hacking today’s smart cars is relatively low-key thing there will come a point at which it becomes more commonplace among hackers whether it’s for peer point scoring or more malign motives.
The vulnerabilities in smart cars at a wider level are reflected in smart home devices. Certainly for many smart home device manufacturers security is not a prime consideration.
This is why BullGuard has released Dojo by BullGuard
, an industry-leading, design award-winning and disarmingly simple to use device that protects all smart home devices.
Packed full of advanced technology such as artificial intelligence and cloud-based security it stops intruders, locks down the smart home and keeps families and their private information safe.
It’s a shame that vehicle manufacturers haven’t yet caught on to the pressing need for cyber security in the car.