Want a Hackproof Car? Ditch Your Fancy Connected Dashboard Sound System

By Gerald Lynch on at

A hackable car would once have seemed like plot device for a William Gibson novel. But as our wheels become increasingly connected, they open themselves up to the same threats as any other computing device. Wireless car hacks are an increasingly common concern for UK police forces, with 16 keyless wireless thefts occurring in the capital every day.

And it's the most advanced cars, those with sensor filled components and notification-pinging dashboards that are the most susceptible.

"Cars have many different elements connected by small computers, and each small computer takes care of different parts of the car. They're connected inside via an internal network. It's essentially a computer network sharing vulnerable information," Vicente Diaz, Kaspersky Lab's Principal Security Researcher, Global Research & Analysis Team, explained at MWC 2015.

"When these were designed, modern security concerns were nothing that they could have imagined would be important in the future. So there's no authentication between the different company's components, there's no checking how stuff communicates with each part of the car."

Of all the components, it's a car's infotainment system, its connected dashboard, that proves the most concerning, according to Diaz. While you're blasting out tunes, hackers may be using your dashboard to gain access to valuable information, and potentially even resulting in the theft of the car itself.

"All these 'Infotainment' systems are basically another computer that has access to parts of the car for doing all the cooler stuff -- it could be just to show the status while you're driving, or something more. Maybe you want to turn on the engine, perhaps, because it's cold in the winter, so you need the engine for the heating. So suddenly, with an infotainment dashboard, you have access to all these subsystems on the car."

"Security of these infotainment systems then becomes important," said Diaz.

"The infotainment system is the door to the external world -- it could be susceptible through Bluetooth or even SMS and email messages from your car provider. It may be a car, but it poses a familiar question -- how secure is this computer?

"What are the protocols for having access to it? How secure is the ecosystem for the user? Even something as simple as a phishing email could be dangerous."

Though car manufacturers are wising up to the risks their connected entertainment systems are exposed to, many face an uphill struggle retroactively trying to secure legacy components.

"We are in a phase where the manufacturers are asking, 'What can go wrong, and what can we do?'" explains Diaz.

"The problem is the segmentation; if something has been there for many, many years, and many different manufacturers are using different pieces from insecure providers using these protocols and standards, it's not an easy task to change everything. It will take years before they can change everything for a more secure approach."

And it doesn't even necessarily have to be the theft of the entire car, warns Diaz. A driver's personal information could become available, and could prove equally valuable to tech-savvy thieves.

"If hackers find new backdoors for making money out of it, then it will be something else to be worried about. Imagine the 'Ransomware' attacks that can happen to your computer happening to your car -- being made to turn on your car and being held to ransom that way. That's a very bad situation."

Last week, Apple's Tim Cook revealed that the company's forthcoming Apple Watch could potentially be used to unlock a car. Though another system that brings with it it's own connected security conundrum, this potential extra authentication step could prove useful, providing it exists in tandem with other security features.

"We've had time to figure out what would be a good method of secondary authentication," said Diaz.

"Biometric systems are good, but they still have some problems and are difficult to implement. But being able to have something else with you, like the Watch, that could be a good method -- having a key, or having a smartphone or watch instead is conceptually the same thing. It will always depend on implementation, and how secure the protocols are.

"But it's opening interesting possibilities, and it's good to look forward and explore new security methods."

Image Credit: Thief in the car (modified) from Shutterstock


Welcome to Gizmodo UK's coverage of all things MWC 2015. For our comprehensive rundown of everything new and shiny at the year's biggest phone event, check here.