FBI Warns About Vehicle Hacking Risks
The FBI has issued a public service announcement warning vehicle owners and auto industry manufacturers about the threat of vehicle hacking.
The notice was released in coordination with the National Highway Traffic Safety Administration.
“While manufacturers attempt to limit the interaction between vehicle systems, wireless communications, and diagnostic ports, these new connections to the vehicle architecture provide portals through which adversaries may be able to remotely attack the vehicle controls and systems,” the PSA said. “Third-party devices connected to the vehicle, for example, through the diagnostics port, could also introduce vulnerabilities by providing connectivity where it did not exist previously.”
The PSA provides steps that vehicle owners can take to minimize vehicle cybersecurity risks. Some of the advice serves as a reminder: Hackers can make their job a whole lot easier if they’re also skilled con artists. Vehicle owners need to keep their guard up.
For years criminal scammers have successfully hacked into computers using phishing email schemes — that was the case with the much-publicized Sony Pictures’ security breach. Another popular hacking scam relies on phoning people at random and claiming to be a Microsoft tech support employee who just received an alert about a critical computer problem that needs immediate attention. Some computer owners have fallen for the ruse and handed control of their computer over to the scammer.
What if criminals use similar tactics to hack vehicles?
“If a manufacturer issues a notification that a software update is available, it is important that the consumer take appropriate steps to verify the authenticity of the notification and take action to ensure that the vehicle system is up to date,” the PSA noted.
The FBI notice also warned manufacturers that if they regularly make software updates available online, criminals might eventually exploit this delivery method.
“A criminal could send socially engineered e-mail messages to vehicle owners who are looking to obtain legitimate software updates,” the notice pointed out. “Instead, the recipients could be tricked into clicking links to malicious Web sites or opening attachments containing malicious software (malware).”
The malware could be designed to install on the owner’s computer, or be contained in the vehicle software update file, so it could be introduced into the owner’s vehicle when he or she attempts to apply the update via USB.
Hackers also might mail vehicle owners USB drives containing a malicious version of a vehicle’s software, the PSA said.
The FBI notice also advised vehicle owners to make sure their vehicle software is up to date, to be careful when making any modifications to vehicle software, to maintain awareness and exercise discretion when connecting third-party devices to their vehicle, and to be aware of who has physical access to their vehicle.
If vehicle hacking is suspected, vehicle owners need to notify the vehicle manufacturer or authorized dealer, NHTSA and the FBI.