from the internet-of-not-so-smart-things dept
We’ve been talking for several years now about how modern “smart cars” don’t adhere to particularly smart security practices. Nissan recently opened Leaf owners to remote attack via a nasty vulnerability in the car’s app. The Mitsubishi Outlander was similarly unveiled to be relatively trivial to hack. And last year, hackers showed just how easy it was to manipulate and disable a new Jeep Cherokee running Fiat Chrysler’s UConnect platform.
Most of these attacks involve the intruder worming so deeply into a vehicle’s systems that they’re in some cases able to actually control most if not all of the car systems from anywhere on the planet. So as you might imagine, simply unlocking the doors and starting the engine while in or near the car isn’t proving too difficult for many hackers.
The Wall Street Journal notes how police and insurance companies are only just now waking up to the problem this creates for owners, one of which last month posted this video of a thief using a laptop to hack into and steal a 2010 Jeep:
“If you are going to hot-wire a car, you don’t bring along a laptop,” said Senior Officer James Woods, who has spent 23 years in the Houston Police Department’s auto antitheft unit. “We don’t know what he is exactly doing with the laptop, but my guess is he is tapping into the car’s computer and marrying it with a key he may already have with him so he can start the car.”
Gosh, good guess (though many of these hacks don’t require a key at all). The story continues along in this vein, with a rep for the insurance industry also kind of dumbly stating the sector “thinks” that hackers might be exploiting awful car security:
“The National Insurance Crime Bureau, an insurance-industry group that tracks car thefts across the U.S., said it recently has begun to see police reports that tie thefts of newer-model cars to what it calls “mystery” electronic devices. “We think it is becoming the new way of stealing cars,” said NICB Vice President Roger Morris. “The public, law enforcement and the manufacturers need to be aware.”
That police “don’t know” what hackers are doing and insurance companies “think” something’s going on should clue you in to the fact that car hackers and thieves haven’t faced much resistance for several years now. As one security analyst in the piece notes, it’s going to take significantly more than the current paper-mache grade security most automakers are employing to protect vehicle owners from theft (or worse). Vehicle manufacturers are also going to have to do better than the often multi-year process it takes to issue patches once security vulnerabilities are exposed.