Cyber hijackers will control your car

Angelique Serrao

JOHANNESBURG: In the not too distant future, having your car hijacked at a robot probably won’t happen. Instead, criminals will remotely take over your vehicle and drive you to them.

As more systems within cars become connected to the internet, car manufacturers have admitted that they are becoming prone to being hacked. If a criminal has the car’s VIN number, is up to date with the vehicle’s technology and is determined enough, your car can be remotely hacked and its systems taken over.

This was revealed last year when Andy Greenberg, from Wired.com, filmed himself in a Jeep Cherokee which was hacked remotely.

It started with cold air at the maximum setting blasting him, the heat on his seat turned up.

The radio changed stations and volume, the windshield wipers turned on and wiper fluid sprayed the glass.

The car’s digital display turned on, revealing the two hackers who were taking over the Jeep. Then it became more serious. The accelerator stopped working.

Hacking can also cut the brakes, kill the engine, sound the hooter and take over the steering of a car.

It can also track the GPS co-ordinates and measure the speed you are driving at.

And it’s something all vehicle manufacturers have to deal with as internet connection technology becomes more prominent in cars.

Just last week Nissan admitted that their new Leaf electric cars can be drained of their battery life using little more than the vehicle identification number (VIN).

Tech Insider reported that the security hole was discovered by researcher Troy Hunt, who found out that the Leaf’s smartphone app interface needed just the VIN to control the car features remotely without passwords.

“If I was to monitor your movements over the course of a week and learn when you go to and from work, shortly after you got to your office I could run the heating for the remainder of the day,” Scott Helme, a cyber security researcher told the BBC.

“That would potentially leave you with very little power. Certainly not enough to get back home.”

Nissan then disabled the smartphone app after the security flaw was revealed.

Sergey Lozhkin, senior researcher at Kaspersky Lab, said more and more cars have the option to remotely control some of their systems.

“According to our predictions, applications on user’s smartphones will soon be able to control critical car systems,” Lozhkin said.

He said in the recent Nissan Leaf case hackers downloaded the application that can control in-car systems – presumably climate control or entertainment – and used the VIN number of the car to connect to the control panel.

“It would not take much for this to be used for criminal gain: by simply changing a VIN number it could be possible to control another car.

“Although the functionality in this example is relatively limited, the ease with which criminals can gain access should be thought-provoking for software developers,” he said.

Lozhkin said this type of attack could be easily prevented by enabling safe authentication procedures between the car and smartphone application, in combination with data encryption.

“The Nissan example once again demonstrates that car manufacturers need to start taking the issue of cyber security threats to their internet-connected cars seriously, and demand that car component manufacturers do the same.”