Alarming rise in car hack attacks - and it's going to get worse: Internet Scambusters #1,062
Your car is a giant mobile computer, which means it may be vulnerable to a car hack.
Thieves and scammers have numerous ways to hack their way into your car's "brain" to steal information and even control vehicle components.
Incidents have rocketed in the past year and things are going to get worse, as we report in this week's issue - with tips on how to protect yourself.
Let's get started…
How To Stop Car Hackers In Their Tracks
Mobile computing takes on a whole new meaning when you apply it to your car. Modern vehicles are stuffed with so much technology, it's like you're driving a computer!
So, it should come as no surprise that crooks have discovered many ways to take control of autos through car hack attacks.
In fact, a survey by the Ponemon Institute found that nearly two-thirds of "connected" car owners said they were concerned about security.
And no wonder. In an experiment, it took experts at one cybersecurity firm just two minutes to hack into a car's electronic control unit (ECU).
And latest statistics from another firm, Upstream Security, show an increase of 380 percent in auto cyber attacks last year, versus 2021.
Mainly by getting access to your vehicle's own network, crooks may be able to start your car, change the mileage, download data, or issue commands to systems like brakes and steering, which could be lethal.
It's mind-blowing how this can be done. For instance, online tech site The Register recently reported that crooks had managed to steal a car by accessing its control system via the auto's headlamp wiring.
Here are some more of the ways car hackers can get access:
- When you click your remote to open or lock your car, crooks can use a device that can intercept and copy the wireless signal. Keyless entry technology accounts for more than half of vehicle cyber attacks.
- They can also hack into some vehicles' entertainment systems to get access to the car's own network.
- They can plug into the diagnostics outlet, known as an OBD-II, usually somewhere below the dashboard, again to access a vehicle's network.
- Another potential network access is through a car's own mobile Wi-Fi hotspot - the technology that enables a user to access the Internet through any mobile device.
- In a variation of this, scammers have been known to set up fake mobile hotspots, for example in a parking area. When someone uses it, the crooks have access to all the user's devices, including the vehicle itself.
Protect Your Car From Cyber Attacks
You may think there's little you can do to fend off smart car attacks but there are a few actions you can take to protect yourself and your car. For example:
- Keep your car's software up to date. Car hackers can exploit vulnerabilities in non-updated networks. Don't think you're at risk? The US National Highway Traffic Safety Administration identified 121 different vulnerabilities when they studied this in 2020. If you don't know how to run or check for an update, contact the manufacturer or dealer.
- Consider installing an anti-hacking lock to prevent access to the diagnostics outlet.
- Be cautious about who has access to this outlet - a car workshop for example; make sure you trust the mechanic.
- Be wary too about buying your own OBD-II diagnostic device online. Some of them are fake. They look real but can send back information to a scammer.
- And be careful about logging on to any external Wi-Fi hotspot. Use the same caution you would when using your mobile device on a public network. Ideally, use a virtual private network (VPN). We wrote about these in issue #813 - Do You Need a VPN (Virtual Private Network) for Your Internet Safety?
- Be on the lookout for phishing attacks that pretend to be from your car maker or audio manufacturer that requires you to provide log-in details for your infotainment system.
Just to make things worse, Upstream Security predicts a huge increase in "connected" cars in the next couple of years because of the growth in the electric vehicle (EV) market. In 2018, there were an estimated 330 million connected cars worldwide, Upstream says, but this number could easily double by the end of this year.
Expect to see hackers and scammers turn their attention to EV charging points, the firm says. Garage openers are another potential target if they're Wi-Fi enabled.
And as car technology becomes even more advanced, it will increasingly store data about users, which could be vulnerable to hacks and phishing attacks.
That's not to say crooks will have things all their own way. New laws and continuous monitoring of car systems are on the way. But they'll mostly help vehicle fleet operators. For the rest of us, alertness to the risks of car hack attacks and following our action points are key to security.
This Week's Scam Alerts
Phishing trick: Hackers have tricked several organizations, including Google Workspace and PayPal, into sending out phishing emails that can bypass security software - because they're genuine. Some of them include fake invoice attachments. As always, don't click on links in emails. Instead, go to the website of the organization and check everything there.
ChatGPT glitch: The firm behind ChatGPT, the artificial intelligence (AI) software that has taken the media and tech worlds by storm, says details of some paying users have been exposed. A technical glitch caused the problem, and the company, Open AI, says by the nature of the problem the chances of information falling into the wrong hands is "extremely low." Still, it's one more reason to be extra-vigilant.
Time to conclude for today -- have a great week!