No car is safe as hackers reveal latest tricks of the trade
As cars have become more modern, their security has also become more vulnerable to hackers, Dubai conference hears
Security experts are getting inside the minds of increasingly sophisticated thieves in a bid to protect drivers from car crime.
The hi-tech tricks of the trade of a new breed of car-jackers, as well as the efforts being made to counter them, were demonstrated at the Hack in the Box conference, held at the Grand Hyatt hotel in Dubai.
Senior officials from a variety of security firms showed just how easy - and cheap - it can be to break into expensive modern cars and even control them remotely.
A team from Chinese security firm Qihoo showed how they could break into a car using a device they built for just Dh80, a considerably cheaper alternative to previous key cloning devices.
They revealed the ease with which thieves can slip under a vehicle’s security system to potentially steal it or override its safety controls.
“Vehicle systems use immobilizers to protect them from theft, by using specific numbers delivered by a key fob,” said Robert Leale, a senior engineer at Intrepid Control Systems.
“If you know those numbers you can pretend the key is in the vehicle and get the vehicle to start itself. And we can find those numbers by searching some vehicles’ schematics online.
“Another way is to send data from a laptop to a non-learned key fob to link to the car to give access, and they can be bought cheaply on EBay or from a vehicle dealer.”
Simple techniques like cloning key fobs, and accessing a vehicle’s computer system via a laptop, are becoming easier as more of a modern car’s controls are linked to a central on-board computer.
A Jeep 4x4 vehicle was used in the Hack in the Box conference demonstration, but experts said any vehicle was equally vulnerable to attack.
“It has been known for a number of years that cars have telematics that are easy to access with the right know-how,” said Eddie Schwartz, executive vice president of Cyber Services at DarkMatter.
“We see vendors building more systems that make them more reliant on a car’s computer, making them even more at risk to hackers.
“They are not necessarily building security systems around that, it is often just access from a key fob, with no biometrics required such as facial recognition.”
Vehicle control systems can access brakes, fuel lines and airbags – so the possibility increases for disruption, particularly when these systems become tied to smart cities of the future when autonomous transport becomes mainstream.
The basic computer skills required to hack a work station, office server or network device are the same as those required to hack a car system.
Mr Schwartz said adding a second stage authentication for the driver, such as a pin code to start a vehicle, would help reduce a car’s vulnerability.
“The nuances are finding out which system is relevant to a particular model of car, and that information is available online through training programmes for vehicle technicians,” he said.
It is causing a big issue for manufacturers who have to ramp up their security skills to try and stay a step ahead of car criminals.
One hacker, who did not want to give his name, said all cars were vulnerable to attack.
“If you know the right language, you can easily talk to cars over the internet and basically control them remotely,” he said.
“We can do simple things like alter the reading on a fuel gauge, or even cause the car to accelerate or brake.
“I can even access cruise control.
“It shows there is a lot of work to be done before autonomous vehicles can be controlled safely within a secure network.”
Updated: November 27, 2018 05:56 PM