- Aug 14, 2010
Thieves Could Hack Cars Through Tire Systems
Plus Four Other Vulnerabilities of Vehicle Technology
As our cars become more technologically advanced, they leave the door open for vulnerabilities. Latest in the technological flawbook appears to be tire pressure monitoring systems (TPMS), revealing just how small that hole needs to be in order for a tech savvy thief to crawl through.
A group of researchers from Rutgers University and the University of South Carolina discovered that you can hack into a car's electronics wirelessly though tire systems, which means any modern vehicle could be vulnerable to an attack at any time, even while it's being driven down the road.
In their study, researchers used a car's tire pressure monitoring system (TPMS) as their entry portal. Tire pressure monitoring has been mandatory on new cars since 2008 and uses a sensor on each wheel that transmits data over radio frequencies to a vehicle's electronic control unit.
By sniffing for signals from the TPMS, these researchers were able to track two different vehicles and even interfere with the signals. At this point, the real world implications are limited because TPMS sensors have a very short range and update the car's ECU only every 60-90 seconds. However, these findings underscore how as vehicles get more wireless connectivity, it's important to ensure those wireless connections are secure and encrypted to prevent mischief.
Over the last few years, other vulnerabilities have been found in vehicles. While most of these aren't cause for concern today, they nevertheless point out that that technological advancement comes with compromises.
- Geo-location: Cars with onboard navigation systems are in a never-ending conversation with the sky above. Acting as a unique signal with a series of satellites, your vehicle essentially has its own "mailing address." Locating that address by compromising the satellite network could reveal your location to someone who wanted to find out where you were traveling. What's at stake: your location.
- "Home button" robberies: Related to navigation systems, there have been reports that thieves target vehicles with navigation systems and garage door openers visible. The thinking is that if a thief can get access to your navigation system, he can press the home button (which most drivers program to their real home address) and then use the garage door opener to get inside. What's at stake: Your car and potentially your home.
- Physical Access to the car's brain: In an earlier report, our Craig Howie reported on the dangers of allowing someone access to the OBD-II port of a vehicle, which is the access point for the car's brain. "Someone -- such as a mechanic, a valet, a person who rents a car, an ex-friend, a disgruntled family member, or the car owner -- can, with even momentary access to the vehicle, insert a malicious component into a car’s internal network via the ubiquitous OBD-II port (typically under the dash). The attacker may leave the malicious component permanently attached to the car’s internal network or, as we show in this paper, they may use a brief period of connectivity to embed the malware within the car’s existing components and then disconnect." What's at stake: A lot. Access to the all the vehicle systems can be found here, which means everything from accelerator to brakes.
- "GPS Jammers" Allow Thieves A Getaway: The super technologically advanced thief is looking a few steps ahead. Knowing that many cars come with GPS systems, onboard tracking systems such as OnStar and other theft devices, there have been reports that thieves are buying GPS jammers from China. These systems essentially block the car's own GPS signal, preventing the law from locating the car. What's at stake: the safe return of your car.