Police Slowly Waking Up To Fact That Vehicle Network Security Is A Joke To Hackers, Thieves

from the internet-of-not-so-smart-things dept

We’ve been talking for several years now about how modern “smart cars” don’t adhere to particularly smart security practices. Nissan recently opened Leaf owners to remote attack via a nasty vulnerability in the car’s app. The Mitsubishi Outlander was similarly unveiled to be relatively trivial to hack. And last year, hackers showed just how easy it was to manipulate and disable a new Jeep Cherokee running Fiat Chrysler’s UConnect platform.

Most of these attacks involve the intruder worming so deeply into a vehicle’s systems that they’re in some cases able to actually control most if not all of the car systems from anywhere on the planet. So as you might imagine, simply unlocking the doors and starting the engine while in or near the car isn’t proving too difficult for many hackers.

The Wall Street Journal notes how police and insurance companies are only just now waking up to the problem this creates for owners, one of which last month posted this video of a thief using a laptop to hack into and steal a 2010 Jeep:

Houston police don’t seem all that sure, but they have a sneakin’ suspicion that somethin’ ain’t right here:

“If you are going to hot-wire a car, you don’t bring along a laptop,” said Senior Officer James Woods, who has spent 23 years in the Houston Police Department’s auto antitheft unit. “We don’t know what he is exactly doing with the laptop, but my guess is he is tapping into the car’s computer and marrying it with a key he may already have with him so he can start the car.”

Gosh, good guess (though many of these hacks don’t require a key at all). The story continues along in this vein, with a rep for the insurance industry also kind of dumbly stating the sector “thinks” that hackers might be exploiting awful car security:

“The National Insurance Crime Bureau, an insurance-industry group that tracks car thefts across the U.S., said it recently has begun to see police reports that tie thefts of newer-model cars to what it calls “mystery” electronic devices. “We think it is becoming the new way of stealing cars,” said NICB Vice President Roger Morris. “The public, law enforcement and the manufacturers need to be aware.”

That police “don’t know” what hackers are doing and insurance companies “think” something’s going on should clue you in to the fact that car hackers and thieves haven’t faced much resistance for several years now. As one security analyst in the piece notes, it’s going to take significantly more than the current paper-mache grade security most automakers are employing to protect vehicle owners from theft (or worse). Vehicle manufacturers are also going to have to do better than the often multi-year process it takes to issue patches once security vulnerabilities are exposed.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Police Slowly Waking Up To Fact That Vehicle Network Security Is A Joke To Hackers, Thieves”

Subscribe: RSS Leave a comment

Re: finally someone slower than the speed of government.

At this point it is looking like it is intentional, they will ask their congress critters to pass laws making vehicle maintenance a dealer only function. They have had this wet dream for some time now, hope they have a towel ready to clean up their mess.


“Police Slowly Waking Up To Fact That Vehicle Network Security Is A Joke To Hackers, Thieves”

And what do they think they can do about it? They barely knew it was a problem, certainly they know very little detail and would not understand even if it were explained like a they were five.

Possibly, the answer is for vehicle manufacturers to stop incorporating this connect everything bullshit. I do not need my vehicle connected to anything, nor my fridge, toaster, thermostat … Products looking for a market, forced upon an unsuspecting public, abused by nefarious cretins while the owner is accused of the repercussions. This is a train wreck in slow motion.


There's already to much in my car

Manufacturers have been competing with each other to offer the most tech in their cars for years now. And what’s worse, they suck at it. I read an article, can’t remember where, that stated a majority of drivers are never informed about the entire electronics capabilities of their vehicles, and the few that are, rarely if ever use most of them.

In short, the vehicles are being piled up with every bell and whistle the manufacturers can dream up, and car owners are getting saddled with the bill, the reliability headaches, and now easy theft.

You could take EVERY piece of wiz-bang electro-stupidity out of every car this side of german luxary, and no one would notice, except the thieves who’s job would suddenly get harder.

John Fendersonsays:


Are you asking about a normal computer rather than one embedded in your car? Then yes. The easiest way is to disable the hardware in the BIOS (which is pretty much as good as physical disconnection), but if you want to physically disconnect it, that is also possible.

The exact thing to do depends on your computer. Laptops are usually easiest. On my laptop, for instance, there’s an access panel that reveals the antenna connection (usually two snap connectors) for the wifi. It can easily be unplugged and reconnected later if you wish. I’ve had laptops that didn’t have such easy access, but opening the case completely reveals the connection.


thank you, john. yes, i’m talking about a regular computer.

nothing nefarious, just an old computer with an old operating system and some old software that i like and know how to use for occasional special projects.

i have zero trust in the maker of the operating system to not force an update that would surely make my software not usable and we all know there are backdoors and route-arounds in every electronic device that aren’t common knowledge.

hey, where’d my tin hat go?

John Fendersonsays:


If your computer is old enough, it’s possible that your wifi hardware is on an expansion card and you could just remove the card. That would be the easiest thing to do.

If not, then my advice (as a fellow paranoid who does security-related development work) is just to disable it in the BIOS if possible.

While it is true that there exist exploits that can alter your BIOS settings, they’re very rare — and ordinary software has no chance of being able to change that setting. That stuff all happens at a level below the operating system itself, and is largely insulated from it.

In the end, though, this is a question of how secure you feel comfortable with. There is no such thing as perfect security no matter what, and the greater the level of security, the greater the inconvenience of it. Ultimately we all have to determine what level of security fits our individual situations.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it