FBI and NHTSA issue release warning of connected car security risks
(c)iStock.com/David Crespo Nieto
The FBI and the National Highway Traffic Safety Administration (NHTSA) have issued a joint public service announcement (PSA) urging the connected vehicle industry and consumers to remain aware of cybersecurity threats to vehicles.
Both organisations have provided an explanation on how computers are utilised in modern motor vehicles and how a hacker can access vehicle networks and driver data. The PSA issued by the organisations details how vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port.
The PSA then shifts focus to how researchers ascertained a number of vulnerabilities in the radio module of a MY2014 passenger vehicle and reported its detailed findings in a whitepaper published in August 2015. The study saw researchers formulating exploits that target the active cellular wireless and optionally user-enabled Wi-Fi hotspot communication functions. Hackers however can perform exploits on a vehicle by making a cellular connection to the vehicle’s cellular carrier from anywhere on the carrier’s nationwide network.
In a target vehicle, at low speeds of 5-10 mph, researchers were able to shut down the engine, disable brakes and manipulate steering. At any speed, researchers were able to manipulate door locks, turn signal, tachometer, radio, HVAC and GPS. On account of these vulnerabilities, NHTSA ordered a recall of almost one and a half million vehicles and the manufacturer and cell service provider were made to provide a solution to counter the specific vulnerabilities.
The FBI and NHTSA also provided a list of steps that consumers must undertake in order to check if their vehicle is secure. Both organisations have also provided a way for consumers to interact with them on vehicle security. Meanwhile, automakers have created an Information Sharing and Analysis Center (ISAC) to provide a trusted mechanism for exchanging cyber security information.
You can find the full release here.