Chances are you heard about the pair of clever guys who earlier this year hacked into a Jeep Cherokee's onboard system over the Internet and turned off the engine while the car was on the highway. Although the hack was a controlled demonstration, it proved that such actions are possible, and that scared a lot of people.
Arxan Technologies Click for full size connected car security infographic
Here's the good news: No evidence exists that anyone has duplicated the exploit in the real world. The incident was also a wakeup call for automakers that are rapidly adding Internet-connected features to cars. Hacking into an automobile is quite difficult, as well, and likely beyond the capabilities of your average numbskull.
That's not to say these kinds of attacks won't ever happen, and a few simple safeguards can make your connected car a lot more secure — and they won't cost you a penny.
4 steps to protect your connected car
I recently spoke to a security expert who has dedicated a good amount of thought to the issue. Matt Clemens is a security solutions architect with Arxan Technologies, a company that specializes in helping software developers protect their code from hackers.
"The Jeep hack was a game-changing event," according to Clemens. Few people had given that sort of attack much thought, but the auto industry is now taking it very seriously, he says. Chrysler, for example, hadn't adequately protected a website that contained source code for some of its devices. The "white hat" hackers broke into the site, stole the code, reverse engineered it, and used it to take over the Jeep Cherokee.
Chrysler fixed that problem, and other auto and component makers subsequently took similar steps, according to Clemens.
To help avoid any problems in the future, Clemens suggests all connected car owners follow these four steps.
- Contact a car dealer, or your mechanic, and make sure the car's software is up to date. If you do not have the latest software version, update it immediately. In the future, you'll likely be able to download such updates automatically, but most cars don't offer this option quite yet.
- Don't "jailbreak" the software in your car or on the devices that connect to it. (Jailbreaking removes manufacturer security protections to enable advanced features.) Doing so voids the warranty, and could open the door to hacks.
- Don't plug random devices into the car's USB ports or OBD2 diagnostic port. (The later is located under the dashboard and is used by mechanics to check the engine and other systems on cars built since the late 1990s.) Clemens says you should avoid devices like the dongles supplied by Progressive and other auto insurance companies, which use the Internet to broadcast data on your driving habits.
- If you want to use a connected-car device or app, do some research, or ask the manufacturer, if it has been hardened before using it. If not, think twice about the risks versus benefits.
Clemens wasn't trying to convince me (or you) to buy anything, so I take him seriously. We live in a world that's packed with foolish, often dangerous, people and we all use increasingly complex devices we don't really understand. It's not hard to imagine someone successfully hacking automobiles in the future, and it's not a bad idea to start thinking about connected car security today.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.