Smartphones may open the door to car hackers, road safety watchdog warns

By Barry Park, 25 Oct 2016 Car Advice

Smartphone car hacking

Connecting your phone via Bluetooth may not be a great idea

YOU might want to think again the next time a smartphone connects to your car’s Bluetooth system. The US road safety watchdog has identified mobile devices, including phones, as one of a number of ways that hackers will one day attempt to break into your car.

The National Highway Traffic Safety Administration overnight released a document titled Cybersecurity Best Practices for Modern Vehicles, calling on carmakers to treat the digital security of cars as highly as they do the crash safety.

It warned the amount of technology linking cars with the internet was potentially opening the door to cyberattacks, and that carmakers needed to think carefully about what they allowed to plug into the car’s delicate electronics – some modern vehicles have more than 60 computers controlling them, all talking to each other via a spiderweb of cables.

It’s this in-car network that hackers can target via an internet connection to the outside world that comes from either an in-built SIM card that connects to the mobile phone network, or a connected smartphone. Concerns have also been raised about in-car Wi-Fi hubs that share a smartphone’s data connection with other users in or near the car.

“The automotive industry should consider that consumers may bring aftermarket devices (e.g., insurance dongles) and personal equipment (e.g., cell phones) onto cars and connect them with vehicle systems through the interfaces that manufacturers provide,” it said.

Smartphone case

“The automotive industry should consider the incremental risks that could be presented by these devices and provide reasonable protections.”

Smartphones have already been identified as a potential way for car hackers to gain access to the electronic brains of cars. Last year, a Queensland-based online security researcher was able to hack into any Nissan Leaf in the world via a web-based interface that allowed owners to log in remotely and check the battery charge status of their vehicle. He was able to play around with the settings of a car parked in the United Kingdom, sparking a global shutdown of the service while Nissan rushed to patch the loophole.

In July last year, the NHTSA forced the recall of 1.4 million Fiat Chrysler vehicles in the US – its first ever to fix a software vulnerability – after hackers remotely logged into a Jeep Cherokee’s electronic nerve centre and played around with the engine, steering and brakes.

The NHTSA said the software hack, via the SUV’s connection to the mobile phone network, represented “an unreasonable risk to safety”. Cars in Australia were not vulnerable to the hack.

The guidelines recommend that carmakers follow a similar system already used in the information technology industry to identify and patch potential hacks.

Before you get into a panic, though, the chances of a hacker breaking into your car are very small. In most cases they’ve only electronically broken into a car if they’ve had weeks or months of time playing with it in the driveway to work out how.