Ok, I guess officially the Holiday season has started. I have not been able to do my usual walking down the Prairie Path, given the crazy change of weather and the recent 5 inches of snow we just had here in Chi Town. So, I have been going to the gym at my apartment (for which I am grateful for) and going back to my treadmill and watching HGTV. Some very interesting episodes might I add.
But for the commercial breaks, all of the Holiday stuff is now coming out. And yes, even the ever so famous “Happy Honda Days” are back, and the GM commercials where you can purchase a brand-new car with their employee discount. It’s tempting to see what is inside of these new cars, but am I going to buy one? The answer is a straight “No”.
I have an old Honda Civic 03, and despite an almost $2,000 I had to spend over the summer for repairs, she us running just fine. Her dashboard is old fashioned, all analog instrumentation. Probably the only thing that could be somewhat modern is the mileage indicator.
But you know what? I like it that way. I like to keep things as simple as possible, without having it all connected together to some electronic gizmos.
But in my view, unfortunately, that is the way these new cars are. They are nothing but now electronic cars (literally speaking), but probably the more technical term for it is the “Smart Car”. This can be likened to that of the “Smart City”, “Smart Home”, etc.
This is where once again everything is all connected together, via this umbrella that we call the “Internet of Things”, or “IoT” for short. This is the vast expanse of where both the physical and virtual worlds that we live in are all connected together.
But that is a topic for a different day. Back to the Smart Cars. Yes, they are ultra-sophisticated, and it could very well be that the day will come soon when the car will drive itself and we just sit in the driver’s seat. But you know what? As I have written about before also, this kind of technology is also a huge boon for the Cyberattacker, as the attack surface has just increased probably by at least ten-fold.
This is according to the Cybersecurity known as “IntSights”, with their just recently published market research project entitled “Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features,“.
In this document, the firm details into the ways that a Cyberattacker can get access to all of the interconnectedness and software in your Smart Car, and cause damage that is far even greater than just getting your emissions controls replaced (which I had to get done).
Here are some of the key findings of this report:
*Because of the new electronic stuff that can be added onto cars, such as Wi-Fi, GPS, etc. the car of today now has thousands of pieces of electronic hardware and millions of lines of Source Code, thus giving the Cyberattacker a huge surface in order to test their newest threat vectors.
*Believe it or not, most of the hacking tools that one can use to break into a Smart Car are actually available online, many of them free to download. Examples of these include the following:
Scary, isn’t it? Well, it goes even beyond this. It seems like that the Cyberattacker’s favorite point in which to target the Smart Car is what is known as the “CAN Protocol”, in which they can get complete access of your car.
This is so widely feared that it is even possible that the Cyberattacker can gain complete access to your car while you are driving, including the brakes and the steering wheel. We all thought that this was only in the movies when we were watching James Bond, but now the fact of the matter is that it is a very stark reality.
But, in order to inflict the most possible damage, the Cyberattacker actually needs to be physically connected to the Smart Car. This can only happen if he or she is in close proximity to it, which is so far good news.
In other words, if the car is going at about 80 MPH, the Cyberattacker will have to be going just as fast in their car, and just being a few feet away.
But, as the technology for these Smart Cars is rapidly evolving on a daily basis, it will soon be possible for the Cyberattacker to break into both the cellular and Wi-Fi connections of them, and from there distribute nefarious pieces of Malware which can totally wreak havoc on the electronic systems of it.
Another very popular point of entry for the Cyberattacker to gain access to the Smart Car is through what is known as the “Remote Keyless System”. This is where the owner (or driver) of the car can start their vehicles without even having to use a key.
The reason why that is so easy to crack is that the newest versions of the so called “Code Grabbers” can easily intercept the signals that are transmitted from the keyless FOB to the car that are used to unlock it.
As far as I know, these signals are still unencrypted, which makes them very easy prey. In fact, many of these tools are now available on the Dark Web, and in this regard, a widely used tool is called “RollJam”, and can be purchased for as low as $32.00. There are other tools as well, such as Panda DXL, Grabos Panda, and Code Grabber.
Another point of entry for the Cyberattacker to get full and complete access into your Smart Car are through the servers of the car manufacturer’s themselves. It is through this specific infrastructure that communications to the Smart Cars take place, such as deploying and applying the various software and firmware upgrades. Thus, if there are any gaps or vulnerabilities in these servers, the Cyberattacker can easily penetrate them and cause a devasting, cascading effect onto all Smart Cars simultaneously, in just a matter of minutes.
Finally, many drivers of course connect their Smartphones into the USB jacks of their Smart Car. But this, is another point of extension in which for the Cyberattacker can get into. Take this as an illustration: Suppose a sales rep is driving, and while doing so, he or she gets a plethora of Emails. Without paying too much attention as to what has been received, they mistakenly open one which is a Phishing Email.
They then download the open up the document, which then triggers all a nasty piece of Malware to infect all of the software connections within the car. Naturally, everything comes to a grinding halt, and the driver, thinking that there is something wrong with the car itself, fails to realize that it is that fake Email that has caused all of this damage. Yes, another very stark picture to comprehend and deal with.
My Thoughts On This
As I write this post, I have also been reflecting on those days when I took Driver’s Ed in high school. My gosh, things were so simple back then, the scariest part was just getting used to the highway driving. Never did any of us realize, including my driving instructor, would ever think and even dream that the digital word surrounding cars would get so surreal and for lack of a better term, just pure “crazy”.
It is also important to keep in mind, that once your Smart Car has been hacked into, not only is there the damage to repair to the electronics components of it, but any other software aspect as well also. So, what could be considered just a minor repair with a software upgrade could literally costs thousands of dollars in the end.
In fact, as we now approach the horrible winters we have here in Chicago, it just wonders me how in the heck these Smart Cars will even start when another polar vortex bears down.
It seems like that if hardly one electronic component goes out, so does the entire car. But IMHO, I really blame all of this on the world of the IoT. The examples that I have pointed in this blog can only occur because of all of the interconnectedness that has taken place.
Do we really need it? What is the point of it all? I simply fail to understand this at all. Why tell Siri or Cortana to turn on your kitchen lights when you do it manually yourself in just the same amount of time?
That is why I will continue to love my little old Honda. I have seen other Smart Cars come and go, but hopefully this one will outlast all of them. There is something still to be said about beauty in simplicity.
Finally, more details about this market research project can be downloaded here:https://intsights.com/resources/under-the-hood?access&mkt_tok=eyJpIjoiTnpNeFlXRmtOall5WlRneCIsInQiOiJCbnhQSWlMc1MzRTNOdTQ0bnlZU2hsdDdkRnhmdlBJcUd6ZlBLMlJsWnlQZzZPKzlGUE4zeVhKKzFYakpjQmJtMXpcL0Q0ZFV4a0NWZDFPWlNzSFQ4bFljOEt5dk5wUlhyWXRYWThxZFUxbEc3TDVWXC9HSFNQM0s1WUowaDJpb1l1In0%3D